[dm-crypt] The future of disk encryption with LUKS2

Yves-Alexis Perez corsac at debian.org
Fri Feb 5 14:13:21 CET 2016


On ven., 2016-02-05 at 12:02 +0100, Arno Wagner wrote:
> > Think external drives / removable storage?
> 
> An attacker with physical access that you do not notice has 
> won. Storage encryption does not protect here. Think, for 
> example, "evil maid" type attacks. Storage encryption
> is only for theft of the device (which you notice) or 
> attacker access which you notice in other ways.

This is exactly why integrity matters? The point is to have an usb drive /
external disk *fully* encrypted. The decryption is done by the host (which is
trusted). In that case, confidentiality and integrity are both important.

Regards,
-- 
Yves-Alexis

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20160205/358c8926/attachment.asc>


More information about the dm-crypt mailing list