Openssl vs gnupg for file encryption

R00KIE · 2015-10-27 16:01:01

I'm currently working on a PBA image for SEDs based on this[1]. My plan is to improve on the image provided in a few different ways, among them is supporting a keyfile (stored in a usb drive or sd card) in addition to keyboard password input.

Currently sedutil supports only managing one authentication password, so in order to maintain compatibility with keyboard password input I would like to store the password in encrypted form in the PBA image, then use the keyfile to decrypt the password and use the password to authenticate with the SED.

I was thinking of using openssl for this task because it has a very convenient base64 output, which is easy to handle in text files, however I have stumbled upon this[2] and it left me wondering if using openssl is a good idea.

I'd like to hear (read) your thoughts about this.

[1] https://github.com/Drive-Trust-Alliance/sedutil
[2] http://security.stackexchange.com/quest … passphrase

chickenPie4tea · 2015-10-30 14:34:31

I hate both and avoid them both as much as possible

frostschutz · 2015-10-30 14:55:01

Is dm-crypt/LUKS an option? That's what I use both for disk encryption, and keyfile encryption.

https://wiki.gentoo.org/wiki/Custom_Ini … ed_keyfile

For LUKS encrypted keyfiles, you get the same strength and multiple passphrase support that LUKS has for HDD encryption, plus the cryptsetup password prompt (and existing graphical frontends for such if you know how to re-use them).

\hbar · 2015-10-30 15:07:19

I'd like to understand the problem with MD5 that you mentionned in your reference [2]. If I understood correclty, the problem is that MD5 is susceptible to collision attacks, which means that one can find collections of strings that have the same MD5 hash. That seems bad if MD5 hashes are used to sign content, but is it really debilitating in this case? I understand that this vulnerability implies that several different passwords will generate the same key, which reduces the entropy of the key, but is this effect really so bad? Is the entropy reduction so big?

Also, is this still the way that openssl implements the enc command?

R00KIE · 2015-10-30 16:09:51

@frostschutz
I'll have to look at that, it seems very interesting and should be safe.

@\hbar
I can't claim to know enough about cryptography to give a good answer to that but from what I can understand, besides the collisions, the problem with md5 is that it is very fast to compute, that together with a number of hashing rounds of 1 (in the case of openssl) it makes it very easy to bruteforce. I suppose that md5 is also cheap memory wise (vs bcrypt for example - if I'm not wrong) so you could easily offload the bruteforcing to gpus.

I have also read that gnupg might be using openssl when performing symmetric encryption and this is the reason why I asked for some input here, someone might have looked into this or even implemented a similar scheme before and might provide some insight about hidden pitfalls or security problems.

Last edited by R00KIE (2015-10-30 16:12:26)

Arch Linux

#1 2015-10-27 16:01:01

Openssl vs gnupg for file encryption

#2 2015-10-30 14:34:31

Re: Openssl vs gnupg for file encryption

#3 2015-10-30 14:55:01

Re: Openssl vs gnupg for file encryption

#4 2015-10-30 15:07:19

Re: Openssl vs gnupg for file encryption

#5 2015-10-30 16:09:51

Re: Openssl vs gnupg for file encryption

Board footer