Bugzilla – Bug 920160
VUL-1: CVE-2014-9687: ecryptfs-utils: eCryptfs key wrapping help to crack user password
Last modified: 2016-04-27 20:19:10 UTC
via oss-sec CVE-2014-9687

From: Sylvain Pelissier <sylvain.pelissier@gmail.com>
Subject: eCryptfs key wrapping help to crack user password

Hi,

I have noticed that ecryptfs-utils is the default program used by the Ubuntu distributions for home folder encryption since version 10.04. In this case, a wrapping key is generated from the user password using the hash function SHA-512 applied 65536 times. By default, the wrapping key is hashed with the default fixed salt (0x0011223344556677) and stored in a file. This was already noticed in bug: https://bugs.launchpad.net/ecryptfs/+bug/906550

For Ubuntu installations, time-memory trade-offs (rainbow tables, etc.) can apply, as well as bulk dictionary attacks, to crack user passwords of Ubuntu installations when the home folder encryption is activated.

I am currently working to correct this weakness.

Sylvain Pelissier

References:
http://seclists.org/oss-sec/2015/q1/498
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9687.html
Mitre CVE:

In this case, a wrapping key is generated from the user password using the hash function SHA-512 applied 65536 times. By default, the wrapping key is hashed with the default fixed salt (0x0011223344556677) and stored in a file. This was already noticed in bug: https://bugs.launchpad.net/ecryptfs/+bug/906550

https://bugs.launchpad.net/ecryptfs/+bug/906550/comments/5
all installations end up wrapping (encrypting) the mount passphrase with the user login password and the DEFAULT SALT VALUE. A unique salt value among almost all installations makes them a convenient target for a rainbow table attack on the wrapped-passphrase file. I got here because I am dabbling with a config package to implement mandatory eCryptfs encrypted home for all users of a system

Use CVE-2014-9687.

Our interpretation is that this is a vendor CVE request based on a vendor's perspective that ecryptfs-setup-private's use of the default salt was never the intended behavior. (For example, http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/view/head:/doc/beginners_guide/ecryptfs_beginners_guide.tex says "It is highly advised that you also provide a salt along with the password, which will help make an attack against your files harder than if you use the default salt.")
bugbot adjusting priority
affects both SLE11 and SLE12 and openSUSE. ecryptfs-utils 105 fixed the problem by introducing a new passphrase wrapping format. best would be to try a version update :/
http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/839

Committer: Tyler Hicks
Date: 2015-03-10 16:58:50 UTC
mfrom: (837.2.19 salt)
Revision ID: tyhicks@canonical.com-20150310165850-lmkhbjwcz3jfq9c4
https://launchpad.net/bugs/1020902

* Introduce the version 2 wrapped-passphrase file format. It adds the ability to combine a randomly generated salt with the wrapping password (typically, a user's login password) prior to performing key strengthening. The version 2 file format is considered to be an intermediate step in strengthening the wrapped-passphrase files of existing encrypted home/private users. Support for reading/writing version 2 wrapped-passphrase files and transparent migration, through pam_ecryptfs, from version 1 to version 2 files is considered safe enough to backport to stable distro releases. The libecryptfs ABI around wrapped-passphrase file handling is not broken. - CVE-2014-9687
* Run wrap-unwrap.sh test as part of the make check target.
* Add a new test, called v1-to-v2-wrapped-passphrase.sh, which is suitable for the make check target and verifies v1 to v2 wrapped-passphrase file migration.
* Create a temporary file when creating a new wrapped-passphrase file and copy it to its final destination after the file has been fully synced to disk (LP: #1020902)
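As an added illustration (not code from ecryptfs-utils, from the reporter, or from the commit above), the following Python models the key strengthening that the report and the commit describe: SHA-512 iterated 65536 times, with the fixed default salt 0x0011223344556677 in the version 1 format and a randomly generated salt per wrapped-passphrase file in version 2. The salt || password input order, the 16-byte wrapping-key length and all function names are assumptions of this model, not the project's byte-exact implementation. It shows the property the thread is about: with a shared salt, two installations that use the same login password derive the same wrapping key, so one precomputed table serves all of them; with a random salt they do not.

```python
import hashlib
import os
from typing import Optional, Tuple

# Values stated in the bug report above.
DEFAULT_SALT = bytes.fromhex("0011223344556677")  # the fixed default salt
HASH_ITERATIONS = 65536                            # SHA-512 applied 65536 times

# Assumptions of this model (not taken from the page): the hash input is
# salt || password, and the wrapping key is the first 16 bytes of the result.
WRAPPING_KEY_LEN = 16


def strengthen(password: bytes, salt: bytes, iterations: int = HASH_ITERATIONS) -> bytes:
    """Iterated-SHA-512 key strengthening as the report describes it.

    The first round hashes salt || password; every further round re-hashes the
    previous digest, so `iterations` SHA-512 computations are done in total.
    """
    if len(salt) != 8:
        raise ValueError("salt must be exactly 8 bytes")
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    digest = hashlib.sha512(salt + password).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha512(digest).digest()
    return digest[:WRAPPING_KEY_LEN]


def v1_wrapping_key(password: bytes) -> bytes:
    """Version 1 behaviour: every installation strengthens with DEFAULT_SALT."""
    return strengthen(password, DEFAULT_SALT)


def v2_wrapping_key(password: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Version 2 behaviour: a fresh random 8-byte salt per wrapped-passphrase file.

    The salt is returned with the key because it has to be stored alongside the
    wrapped passphrase to unwrap it later; it is not secret, only unique.
    """
    if salt is None:
        salt = os.urandom(8)
    return salt, strengthen(password, salt)


def uses_default_salt(salt: bytes) -> bool:
    """Audit helper: flag a salt equal to the well-known default value."""
    return salt == DEFAULT_SALT


def keys_collide_across_installs(password: bytes, version: int) -> bool:
    """Simulate two independent installations sharing one login password and
    report whether they end up with the same wrapping key.

    Identical keys mean a single precomputed table covers every installation,
    which is the weakness the fixed v1 salt creates and the v2 salt removes.
    """
    if version == 1:
        return v1_wrapping_key(password) == v1_wrapping_key(password)
    if version == 2:
        _, key_a = v2_wrapping_key(password)
        _, key_b = v2_wrapping_key(password)
        return key_a == key_b
    raise ValueError("unknown wrapped-passphrase format version")


if __name__ == "__main__":
    pw = b"example-login-password"  # constructed sample, not a real credential
    print("v1 keys collide across installs:", keys_collide_across_installs(pw, 1))
    print("v2 keys collide across installs:", keys_collide_across_installs(pw, 2))
    salt, _ = v2_wrapping_key(pw)
    print("v2 salt is the default value:", uses_default_salt(salt))
```

Each call performs the full 65536 hash rounds, so the strengthening cost is the same in both versions; the random salt adds no work for the legitimate user, it only removes the cross-installation sharing that makes precomputation worthwhile.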
This is an autogenerated message for OBS integration: This bug (920160) was mentioned in https://build.opensuse.org/request/show/306383 Factory / ecryptfs-utils
xxd ~/.ecryptfs/wrapped-passphrase
0000000: 3163 6165 6364 6263 3361 6364 6264 6532  1caecdbc3acdbde2
0000010: 5dfb 4982 5a5e 3b75 b68a 1f3c aa7b bdd1  ].I.Z^;u...<.{..

this is a good salt (random hex letters), bad would be 0011223344556677 (I was hoping to find a bad case, but it seems hard)
submitted to sle11 / sle12.
SUSE-SU-2016:0241-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 920160,962052
CVE References: CVE-2014-9687,CVE-2016-1572
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src): ecryptfs-utils-103-7.1
SUSE Linux Enterprise Server 12 (src): ecryptfs-utils-103-7.1
SUSE Linux Enterprise Desktop 12-SP1 (src): ecryptfs-utils-103-7.1
SUSE Linux Enterprise Desktop 12 (src): ecryptfs-utils-103-7.1
Not done for SLE 11
Submitted now. I thought I had :/
Releasing updates, all done.
SUSE-SU-2016:0290-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 920160,962052
CVE References: CVE-2014-9687,CVE-2016-1572
Sources used:
SUSE Linux Enterprise Server for VMWare 11-SP3 (src): ecryptfs-utils-61-1.35.1
SUSE Linux Enterprise Server 11-SP4 (src): ecryptfs-utils-61-1.35.1
SUSE Linux Enterprise Server 11-SP3 (src): ecryptfs-utils-61-1.35.1
SUSE Linux Enterprise Desktop 11-SP4 (src): ecryptfs-utils-61-1.35.1
SUSE Linux Enterprise Desktop 11-SP3 (src): ecryptfs-utils-61-1.35.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): ecryptfs-utils-61-1.35.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): ecryptfs-utils-61-1.35.1
openSUSE-SU-2016:0291-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 920160,962052
CVE References: CVE-2014-9687,CVE-2016-1572
Sources used:
openSUSE Leap 42.1 (src): ecryptfs-utils-103-3.1