Rewrapping eCryptfs Passphrase To Protect Against CVE-2014-9687
Why eCryptfs?
I have an eCryptfs filesystem I use to protect my sensitive data at rest in addition to full disk encryption via LUKS. It’s mounted only for a handful of hours a year. The encrypted files are then backed up seamlessly using traditional cloud backup services.
My setup works great and I feel confident that it’s “good enough” for my needs: protecting sensitive files from malware on my computer.
It’s easy to use with the ecryptfs-mount-private and ecryptfs-umount-private commands.
Security Issue with CVE-2014-9687
The salt used to wrap the passphrase was fixed rather than randomly generated, which makes rainbow table attacks possible. The time has apparently come: the rainbow table has been generated and published. It’s hosted on GitHub at kudelskisecurity/ecryptfs-dictionary-v1 with a corresponding write-up.
Time to rewrap my passphrase with a randomly generated salt to render the rainbow table useless.
It appears that eCryptfs had some primitive support for a manually generated salt via the ~/.ecryptfsrc file, but it wasn’t automatically set up and was likely largely unused. A better approach is to always use a randomly generated salt, and this was introduced with the v2 passphrase file that resolves CVE-2014-9687. Details on this change are in revision 839.
How Do I Rewrap My Passphrase?
Step 1 - Check File Version
Determine if your wrapped passphrase file is version 1 or version 2. According to read_wrapped_passphrase_file_version(), a version 2 file will begin with an ASCII ':' followed by the byte 0x02, while an unversioned (version 1) file will begin with ASCII hex data. Anything later than v2 is currently unsupported.
Use xxd or hexdump to check. My original v1 passphrase file, for reference:
$ xxd -l 2 ~/.ecryptfs/wrapped-passphrase
00000000: 3065 0e
Looks like version 1 to me. The file size was 48 bytes.
Step 2 - Backup
Copy the file to be safe in case the rewrap goes bad:
$ cp ~/.ecryptfs/wrapped-passphrase ~/.ecryptfs/wrapped-passphrase.bak
Step 3 - Rewrap
$ ecryptfs-rewrap-passphrase ~/.ecryptfs/wrapped-passphrase
Old wrapping passphrase:
New wrapping passphrase:
New wrapping passphrase (again):
Step 4 - Check
If everything went according to plan the file should now begin with ASCII ':' followed by 0x02:
$ xxd -l 2 ~/.ecryptfs/wrapped-passphrase
00000000: 3a02 :.
Looks good, file size is now 58 bytes.
For the truly paranoid, running the rewrap again with the same passphrase will generate a file with different contents as the salt should have changed.
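The header check from Step 1 and the post-rewrap check from Step 4 can be scripted instead of eyeballing xxd output. This is an added example, not code from the original post or from the eCryptfs project; it encodes only the header rules the post attributes to read_wrapped_passphrase_file_version(), and the sample files it builds are constructed to match the sizes reported above.

```python
"""Classify an eCryptfs wrapped-passphrase file by its 2-byte header.

Rules (as described for read_wrapped_passphrase_file_version()):
  ':' (0x3a) followed by 0x02 -> version 2 (random salt, CVE-2014-9687 fixed)
  ':' followed by anything else -> unsupported version
  two ASCII hex characters -> unversioned / version 1 (fixed salt)
"""
import string
from pathlib import Path

HEX_CHARS = set(string.hexdigits.encode())  # b"0123456789abcdefABCDEF"


def classify_header(data: bytes) -> str:
    """Return 'v1', 'v2', 'unsupported' or 'unknown' for raw file bytes."""
    if len(data) < 2:
        return "unknown"
    first, second = data[0], data[1]
    if first == ord(":"):
        # Versioned file: ':' then a single version byte.
        return "v2" if second == 0x02 else "unsupported"
    if first in HEX_CHARS and second in HEX_CHARS:
        # Unversioned file: ASCII hex data, wrapped with the fixed salt.
        return "v1"
    return "unknown"


def check_file(path) -> dict:
    """Step 1: report the version, size and whether a rewrap is needed."""
    data = Path(path).read_bytes()
    version = classify_header(data)
    return {"version": version, "size": len(data), "needs_rewrap": version == "v1"}


def rewrap_changed(before: bytes, after: bytes) -> bool:
    """Step 4: after a rewrap the file must be v2 and must differ from the
    previous copy (a fresh random salt yields different contents)."""
    return classify_header(after) == "v2" and before != after


# Constructed sample files (not real key material): a 48-byte v1 file that
# starts with ASCII "0e" like the post's, and a 58-byte v2 file.
SAMPLE_V1 = b"0e" + b"a1" * 23
SAMPLE_V2 = b":\x02" + bytes(56)

if __name__ == "__main__":
    # Run against the real file, e.g. after Step 3, to confirm the header.
    print(check_file(Path.home() / ".ecryptfs" / "wrapped-passphrase"))
```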
Step 5 - Test
Mount the filesystem with ecryptfs-mount-private or similar to verify.
Step 6 - Clean-up
Only clean up once you know the new passphrase is working! And be thorough about it:
$ shred -vu ~/.ecryptfs/wrapped-passphrase.bak