[dm-crypt] The future of disk encryption with LUKS2

Yves-Alexis Perez corsac at debian.org
Fri Feb 5 07:30:50 CET 2016


On jeu., 2016-02-04 at 18:17 +0100, Arno Wagner wrote:
> Maybe my crypto-knowledge deserts me here, but how is that
> relevant for storage encryption? 
> 
> If somebody can replay old storage blocks, they have already 
> compromised your machine and can do what they want, 

Think external drives / removable storage?
> 
> And authenticated encryption seems to not even apply to storage,
> unless you are thinking about integrity. 

Indeed.

> If so, wrong project,
> as integrity always requires additional bits and LUKS/DM-cryopt
> does not have them bu design.

I am well aware of the need to store the integrity patterns, that's why I'm
asking this in context of LUKS2. Thanks for the reply though.

Regards,
-- 
Yves-Alexis

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20160205/09bdff0f/attachment.asc>


More information about the dm-crypt mailing list