[dm-crypt] The future of disk encryption with LUKS2

Arno Wagner arno at wagner.name
Fri Feb 5 20:45:35 CET 2016


On Fri, Feb 05, 2016 at 16:44:02 CET, Milan Broz wrote:
> On 02/05/2016 04:24 PM, Arno Wagner wrote:
> > On Fri, Feb 05, 2016 at 16:01:14 CET, Yves-Alexis Perez wrote:
> >> On ven., 2016-02-05 at 14:31 +0100, Arno Wagner wrote:
> >>> No. You are trying to solve the wrong problem. First, disk 
> >>> encryption with 1:1 mapping will never give you integrity 
> >>> protection and the other variants kill performance.
> >>
> >> I perfectly understand that, thank you. Again, I'm *well aware* of the need to
> >> store integrity patterns somewhere. I'm *not* asking for 1:1 mapping.
> >>
> >> Can I sincerely ask that you not consider at first (and second, and third)
> >> that I didn't think first about what I was asking on the list?
> > 
> > Then why are you asking about integrity protection on a list
> > dedicated to a block-layer encryption system? That does not make
> > any sense. If you state things that do not make sense then I
> > will point that out, because there is a real possibility that
> > your reasoning process (I am not implying there was none) was 
> > flawed. 
> 
> I think it is perfectly fine to ask there (please do not forget
> we are still closely cooperating with storage guys).

It is fine to ask. But if you get your hackles up when being
told "not really", that is something else.
 
> And by the way, we have a experimental plan to test authenticated
> encryption on this level (obviously part of that is to solve additional
> metadata space).  (Even if it is not usable in the end I would like to try
> that.)

Sure, it would be interesting to see how badly this impacts
performance, for example. 
 
> The reply/revert attack possibility without support of specific hw will
> be still there but I would say even if we can provide method how to detect
> random corruption of sectors it could be useful.

>From my experience with larger storage systems, I doubt that.
The disks do an excellent job of detecting sector corruption 
themselves these days. And even before, a defective CPU or RAM
was much more likely the cause of data corruption than an
undetected read error on disk.

As it is basically free with authenticated encryption, it may
still have some use though.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier


More information about the dm-crypt mailing list