"The following text describes a security hole in the
encrypted loop device for Linux. Because of it, an attacker is able
to modify the content of the encrypted device without being
detected. This text proposes to fix the hole by authenticating the
device.

The vulnerability of the encrypted loop device is due to its lack of
authentication. The aim of encryption is to make the data
unreadable for anybody who doesn't know the key. It doesn't prevent
an attacker from modifying the data. People assume that an attacker
won't do it because the attacker wouldn't be able to choose the
resulting clear text. But this section shows that the attacker can
choose the resulting clear text to some extent and that modifying
the cypher text data may be interesting even if the attacker
ignores the result.

This attack is only applicable to devices storing data which is
reused across mounts: most file systems (e.g. ext2, reiserfs, ext3)
but not swap. In some systems, encrypted devices are stored in the
same location as the encrypted disk containing the operating
system. For those systems, an attacker who can access the encrypted
device can easily modify the OS to gain access (e.g. kernel)
independently of the encrypted device."
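
The fix proposed above, authenticating the device, can be sketched as a per-sector MAC that is checked before any sector is trusted. This is an added example, not code from the quoted text or from the Linux loop driver; the HMAC-SHA256 construction, the 512-byte sector layout and all function names are assumptions, and random bytes stand in for encrypted sectors.

```python
import hashlib
import hmac
import os

SECTOR_SIZE = 512  # assumed sector size for this sketch


def sector_tag(mac_key, index, ciphertext):
    """MAC over the sector number and its ciphertext (encrypt-then-MAC).

    Binding the index means a valid sector moved to another position fails.
    """
    msg = index.to_bytes(8, "big") + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def seal_device(mac_key, sectors):
    """Compute one tag per sector; tags are stored alongside the device."""
    return [sector_tag(mac_key, i, ct) for i, ct in enumerate(sectors)]


def verify_device(mac_key, sectors, tags):
    """Return the indices of sectors whose stored tag does not match."""
    if len(sectors) != len(tags):
        raise ValueError("sector and tag counts differ")
    bad = []
    for i, (ct, tag) in enumerate(zip(sectors, tags)):
        # Constant-time comparison avoids leaking how much of a tag matched.
        if not hmac.compare_digest(sector_tag(mac_key, i, ct), tag):
            bad.append(i)
    return bad


def demo():
    mac_key = os.urandom(32)  # kept separate from the encryption key
    # Constructed sample: random bytes stand in for encrypted sectors.
    device = [os.urandom(SECTOR_SIZE) for _ in range(8)]
    tags = seal_device(mac_key, device)

    flipped = list(device)  # one bit changed in sector 3
    flipped[3] = bytes([flipped[3][0] ^ 0x01]) + flipped[3][1:]

    swapped = list(device)  # two valid sectors exchanged
    swapped[1], swapped[6] = swapped[6], swapped[1]

    return {
        "clean": verify_device(mac_key, device, tags),
        "flipped": verify_device(mac_key, flipped, tags),
        "swapped": verify_device(mac_key, swapped, tags),
    }
```

Per-sector tags do not detect a sector being rolled back together with its old tag; catching that needs a version counter or a hash tree over the tags.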