Rewrapping eCryptfs Passpharse To Protect Against CVE-2014-9687

Why eCryptfs?

I have an eCryptfs filesystem I use to protect my sensitive data at rest in addition to full disk encryption via LUKS. It’s mounted only for a handful of hours a year. The encrypted files are then backed-up seemlessly using traditional cloud backup services.

My setup works great and I feel confident that it’s “good enough” for my needs to protect against malware on my computer for accessing sensitive files.

It’s easy to use with the ecryptfs-mount-private and ecryptfs-umount-private commands.

Security Issue with CVE-2014-9687

The salt wasn’t randomly generated and allowed rainbow table attacks. The time has apparently come and the rainbow table has been generated and published. It’s hosted on Github @ kudelskisecurity/ecryptfs-dictionary-v1 with corresponding write-up.

Time to rewrap my passphrase with a randomly generated salt to render the rainbow table useless.

It appears that eCryptfs had some primitive support for a manually generated salt with the ~/.ecryptfsrc file but it wasn’t automatically setup and likely largely unused. A better approach is to always use a randomly generated salt and this was introduced with the v2 passphrase file that resolves CVE-2014-9687. Details on this change are in revision 839.

How Do I Rewrap My Passphrase?

Step 1 - Check File Version

Determine if your wrapped passphrase file is version 1 or version 2. According to read_wrapped_passphrase_file_version() a version 2 file will begin with an ASCII : followed by 0x2 and an unversioned file will have ASCII hex data. Anything larger then v2 currently is unsupported.

Use xxd or hexdump to check. Mine original v1 passphrase file for reference:

$ xxd -l 2 ~/.ecryptfs/wrapped-passphrase
00000000: 3065                                     0e

Looks like version 1 to me. The file size was 48 bytes.

Step 2 - Backup

Copy the file to be safe in case the rewrap goes bad:

$ cp ~/.ecryptfs/wrapped-passphrase ~/.ecryptfs/wrapped-passphrase.bak

Step 3 - Rewrap

$ ecryptfs-rewrap-passphrase ~/.ecryptfs/wrapped-passphrase
Old wrapping passphrase:
New wrapping passphrase:
New wrapping passphrase (again):

Step 4 - Check

If everything went according to plan the file should now begin with ASCII : followed by 0x2:

$ xxd -l 2 ~/.ecryptfs/wrapped-passphrase
00000000: 3a02                                     :.

Looks good, file size is now 58 bytes.

For the truly paranoid, running the rewrap again with the same passphrase will generate a file with different contents as the salt should have changed.

Step 5 - Test

Mount the the filesystem with ecryptfs-mount-private or similar to verify.

Step 6 - Clean-up

Only clean-up once you know the new passphrase is working! And be thorough about it:

$ shred -vu ~/.ecryptfs/wrapped-passphrase.bak