[dm-crypt] Encrypted Raid1 or Raid 1 of encrypted devices?

Yaron Sheffer yaronf at gmx.com
Thu Jul 14 08:17:33 CEST 2011


Hi Arno,

I agree that most practical considerations point towards encrypt-over-RAID.

But in fact from a security point of view, it seems to me the situation 
is reversed. Looking at RAID-over-encryption, I disagree that having the 
same plaintext encrypted over multiple keys is a concern with modern 
ciphers. The real concern with most full disk encryption (and dm-crypt 
in particular) is integrity protection: the ability of an attacker to 
change the ciphertext undetected. This ability is greatly hampered when 
the attacker needs to coordinate the attacks on two mirrored blocks, 
otherwise the two copies would not be consistent.

I haven't researched all figerprinting attacks and the interaction with 
various ways of generating IVs, so my intuition may still be proven wrong.

Thanks,
Yaron


More information about the dm-crypt mailing list