[dm-crypt] The future of disk encryption with LUKS2
arno at wagner.name
Mon Feb 8 17:48:22 CET 2016
On Mon, Feb 08, 2016 at 05:32:14 CET, Sven Eschenberg wrote:
> Am 08.02.2016 um 04:43 schrieb f-dm-c at media.mit.edu:
> > > Date: Mon, 8 Feb 2016 03:46:27 +0100
> > > From: Sven Eschenberg <sven at whgl.uni-frankfurt.de>
> > > If a sector fails, it is not that uncommon that a whole chunk of
> > > consecutive sectors fail (for rotating disks that is).
> >Oh, come on. A one-meg gap is 256 4K sectors and 1024 1K sectors.
> >I've never seen anything take out more than a handful of sectors
> >adjacent to each other unless the disk has completely failed.
> >Anything that's chewing up multiple megs or tens of megs at the start
> >of your FS is likely to destroy any other random parts of it as well.
> >Okay, how about a -10- meg gap? That enough?
> Well, I've seen several thoundand adjacent sectors going down. And
> not just once.
> As I pointed out creating a filesystem can easily destroy both
> headers, even though many FSes have a rather thin metadata
> structure. Another neat example mdadm - default is header at 4k
> (primary header will be damaged) followed by a bad block list and
> and intent bitmap. The size of those can vary afaik.
> To be honest, I am not completely sure what a good offset would be.
I like the end, because it is clear and far away. It is also what
md-RAID for superblock 0.90 does.
Non-redudancy during resize is not an issue, as anybody sane will
only resize with a header-backup done before. Insane people will
manage to screw up anyways, nothing we can do about that. Resize
is a dangerous operation, no way around that. We can prevent
people from hosing their LUKS container when creating filesysems
on it though, or partition sectors or the like.
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt