[dm-crypt] Encrypted Raid1 or Raid 1 of encrypted devices?

Roscoe eocsor at gmail.com
Thu Jul 14 13:41:58 CEST 2011


On Thu, Jul 14, 2011 at 9:01 PM, Arno Wagner <arno at wagner.name> wrote:
...
> I thing your risk model is wrong. Basically it covers attacks
> were the attacker has access to only the storage and at the same
> time can actually do something serious with data manipulation.
> That is a rather unlikely scenario for disk encryption. Note that
> for communication encryption, this is a real and valid scenario.

Given the prevalence of of iSCSI, FC and similar, I wouldn't say it's
all that unlikely.

I for one would quite like assurances that network block device
providers couldn't impact my security. But, I imagine I'll have to
wait a while longer...

-- Roscoe


More information about the dm-crypt mailing list