[dm-crypt] Encrypted Raid1 or Raid 1 of encrypted devices?

Yaron Sheffer yaronf at gmx.com
Thu Jul 14 08:17:33 CEST 2011

Hi Arno,

I agree that most practical considerations point towards encrypt-over-RAID.

But in fact from a security point of view, it seems to me the situation 
is reversed. Looking at RAID-over-encryption, I disagree that having the 
same plaintext encrypted over multiple keys is a concern with modern 
ciphers. The real concern with most full disk encryption (and dm-crypt 
in particular) is integrity protection: the ability of an attacker to 
change the ciphertext undetected. This ability is greatly hampered when 
the attacker needs to coordinate the attacks on two mirrored blocks, 
otherwise the two copies would not be consistent.

I haven't researched all fingerprinting attacks and the interaction with 
various ways of generating IVs, so my intuition may still be proven wrong.
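
Added example, not part of the original message: a Python simulation of the RAID-over-encryption argument above, in which a ciphertext change on one mirror leg leaves the two decrypted copies inconsistent, so a scrub that compares them flags the sector. A toy tweakable Feistel cipher built from SHAKE-256 stands in for the sector cipher (an assumption, not dm-crypt's actual cipher or IV scheme), and all function names are hypothetical.

```python
import hashlib, os

SECTOR, HALF = 512, 256

def _f(key, rnd, sector_no, half):
    # Keyed round function, tweaked by the sector number (toy construction).
    seed = key + bytes([rnd]) + sector_no.to_bytes(8, "little") + half
    return hashlib.shake_256(seed).digest(HALF)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_sector(key, sector_no, pt):
    l, r = pt[:HALF], pt[HALF:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, sector_no, r))
    return l + r

def decrypt_sector(key, sector_no, ct):
    l, r = ct[:HALF], ct[HALF:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, sector_no, l)), l
    return l + r

def write_mirror(keys, sectors):
    # RAID1 over encryption: every leg holds the same plaintext under its own key.
    return [[encrypt_sector(k, i, s) for i, s in enumerate(sectors)] for k in keys]

def scrub(keys, legs):
    # Sector numbers whose decrypted copies disagree between the legs.
    bad = []
    for i in range(len(legs[0])):
        copies = {decrypt_sector(k, i, leg[i]) for k, leg in zip(keys, legs)}
        if len(copies) > 1:
            bad.append(i)
    return bad

def demo():
    keys = [os.urandom(32), os.urandom(32)]
    sectors = [bytes([n]) * SECTOR for n in range(4)]  # constructed sample data
    legs = write_mirror(keys, sectors)
    before = scrub(keys, legs)
    # Constructed fault: one ciphertext bit changed on leg 0, sector 2 only.
    changed = bytearray(legs[0][2])
    changed[0] ^= 1
    legs[0][2] = bytes(changed)
    return before, scrub(keys, legs)

if __name__ == "__main__":
    print(demo())
```

The scrub reports that the copies differ, not which one is authentic. Linux md normally serves a read from a single leg, so the inconsistency surfaces only when both copies are compared.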


