[dm-crypt] Use of GCM mode with dm-crypt

Samantha Adams saman.adams at gmail.com
Tue May 3 14:22:23 CEST 2011


Probably the best solution is to check integrity in the FS layer.

Concerning GCM, in my opinion, it's a pity that we can't use an AE mode of
encryption because in this way we would be able to also check data
authenticity.

Anyway, thank you all for your answers! :)

Sam

On Wed, Apr 27, 2011 at 3:43 PM, Arno Wagner <arno at wagner.name> wrote:

> On Wed, Apr 27, 2011 at 11:41:01AM +0200, Milan Broz wrote:
> > On 04/27/2011 10:40 AM, Samantha Adams wrote:
> [...]
> > Basically it would be a new encryption DM target (it can share code
> > but the mapping here is different).
> >
> > The crucial question is where you want to store the authentication tag...
> > If there is some standard way, perhaps it can be done.
> >
> > But isn't it better to provide these integrity services to the filesystem
> > on top of dmcrypt? (so the fs can allocate blocks storing integrity info)
>
> In my view, integrity check, just as compression (and the filesystem
> itself) all belong on top of encryption. For the other two, this is
> obvious. For the integrity check, what is the FS layer to do if it
> fails? If you have error correction or redundancy in the FS, then
> it can do something, but on the crypto-layer you can just propagate the
> error and handling would be done elsewhere. Also note that the
> problem of storing the tags/checksums goes away on the FS layer,
> as one of the primary tasks of a FS is storing metadata.
>
> Arno
> --
> Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
> GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
> ----
> Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
>
> If it's in the news, don't worry about it.  The very definition of
> "news" is "something that hardly ever happens." -- Bruce Schneier