Ticket #143 (closed defect: fixed)

Opened 5 years ago

Last modified 5 years ago

ISSAC or ISSAC+

Reported by: Overwriter Owned by: Garrett
Priority: minor Milestone: Eraser 6.0
Component: Core Version: 6.0.3.847
Keywords: ISAAC attack Cc:
Processor Architecture: Blocked By:
Blocking: Operating System:

Description (last modified by Joel) (diff)

ISSAC or ISSAC+

I just wondered which version of ISSAC was installed in Eraser V6.

ISSAC has this problem.

http://eprint.iacr.org/2001/049.pdf

I appreciate this will have little effect on the secure overwriting abilities of Eraser but it might have consequences for the Truecrypt plausible deniability feature !

Possibly one for Svante this ! :o)

Blocking

IdSummaryMilestone
#143ISSAC or ISSAC+Eraser 6.0

Blocked by

IdSummaryMilestone
#143ISSAC or ISSAC+Eraser 6.0

Change History

comment:1 Changed 5 years ago by Joel

  • Status changed from new to assigned
  • Description modified (diff)
  • Keywords ISAAC attack added
  • Version set to 6.0.3.847
  • Milestone set to Eraser 6.0
  • Owner set to Garrett

Actually the paper you submitted refers to the use of ISAAC as a stream cipher. We do not use the stream cipher capability of ISAAC but instead just that PRNG bit which I think is not affected by the paper.

It's a lot of maths that I don't wanna tire myself with (the number of equations and propositions there are really too many for me to handle) so my judgement is that Eraser is safe, but I'd still ask Garrett or Svante to look at it. If they got time, haha.

comment:2 Changed 5 years ago by Garrett

  • Status changed from assigned to closed
  • Resolution set to fixed

Having a totally random generator will actually make it easier for a forensic analysis to detect erasure has occured. "Plausible deniability" would be better served by overwriting with bits of existing files.

Note: See TracTickets for help on using tickets.