Closed phantomcraft closed 2 years ago
There's iotool
or tfcrypt -P
functionality to get contents out of files at specified offset/length. Example:
% tfcrypt -R 1k k.bin
% ls -l k.bin
-rw-r--r-- 1 rys rys 1024 Feb 1 19:49 k.bin
% tfcrypt -qP -O iseek=516,count=256 k.bin | tfcrypt -e -S mac -c rand -O trunc -k - loudp2a.pcap loudp2a.out
tfcrypt: read: 1223590 (1.17M), XTS encrypted 1223846 (1.17M) bytes, written 1223846 (1.17M) bytes, (202489410 (193.11M) B/s), time 00.0060
% tfcrypt -qP -O iseek=516,count=256 k.bin | tfcrypt -d -M mac -m -c head -k - loudp2a.out
tfcrypt: signature is good
tfcrypt: read: 1223846 (1.17M), XTS decrypted 1223590 (1.17M) bytes, written 0 (0.00B) bytes, (193086634 (184.14M) B/s), time 00.0063
% tfcrypt -qP -O iseek=517,count=256 k.bin | tfcrypt -d -M mac -m -c head -k - loudp2a.out
tfcrypt: signature is BAD: wrong password, key, mode, or file is not signed
tfcrypt: read: 1223846 (1.17M), XTS decrypted 1223590 (1.17M) bytes, written 0 (0.00B) bytes, (160365661 (152.94M) B/s), time 00.0076
Unless there is REAL need in such situation when single process must obtain key this way, I will implement it. Sorry, but I don't see an urgent need in implementing it now. Closing.
In sksum two new options could be added:
One for specifying the offset starting from the beginning of the file/block device and other for specifying the size/amount of data (bytes) to be processed.
My suggestions.
In sksum two new options could be added:
One for specifying the offset starting from the beginning of the file/block device and other for specifying the size/amount of data (bytes) to be processed.
My suggestions.
This is already implemented:
sksum -O iseek=NR infile
to seek from offset zero by NR
bytes in infile
,
sksum -O count=NR infile
to hash only NR
bytes from infile
sksum -O iseek=NRX,count=NRY infile
to seek from offset zero by NRX
bytes in infile
and proceed to hash from that point NRY
bytes from same infile
.
There is no need to implement anything. Also, please see help page by typing tfcrypt -h
.
Sorry Rys, I didn't know that -O switches are valid to sksum.
No worries. sksum
and other embedded tools accept most of tfcrypt
options, as said in help page printed by sksum -h
. However there is limitation: only options valid for current tool are accepted. Others can either be ignored, or misinterpreted, and there is no any guarantee for using the wrong ones.
Most of them are included into help page of relevant tool. Maybe I need to rephrase the footer somehow, looks awkward...
In cryptsetup (currently 2.4.3) there is an interesting option:
When used, the program skip X bytes defined by user when reading the key file.
It would be interesting for luring an adversary a little bit when trying to find a valid key for decryption.