[dm-crypt] Authenticated Encryption for dm-crypt

Ralf Ramsauer ralf at ramses-pyramidenbau.de
Tue May 21 01:59:01 CEST 2013

On 05/21/2013 01:41 AM, Arno Wagner wrote:
> I am not really sure what you mean. 
> Per-sector authenticatipn is infeasible as it requires 
> additional space. This is not communication encryption
> where attaching a few bytes is possible. This is disk
> encryption where 512 encrypted bytes have to fit exactly
> into 512 bytes of space. 
Well additional space is no problem in my point of view. Let's assume we
would tag a 512 sector with a "Mac" with 20 bytes length.
Then we would need ~20GiB for Tags for a disk with a size of 500GiB. We
still would have 480GiB for bulk data. In my opinion
that's a fair deal. The problem of the sector size could be solved by
tagging larger amounts of data with larger tags. I know
that's not really more secure but it solves the problem with the sector
size (e.g. tag 4KiB of data with 512 Byte Tags or sth. like that).
> Do you mean the header should authenticate itself to the 
> user in decryption? That would only make sense if a 
> malicious disk encryption system is assumed and would 
> have to be done before the passphrase is given. The
> attacker model would be something like disk-impersonation
> gere or a cryptsetup or kernel that tries to steal the
> passphrase.
No, i meant the point you mentioned above.

> Arno
> On Tue, May 21, 2013 at 12:31:09AM +0200, Ralf Ramsauer wrote:
>> Hi,
>> are there any weighty reasons why there is no support for authenticated
>> encryption for
>> dm-crypt or did simply no one want to implement it up to now? :-)
>> Did anyone do any work on this topic up to now? I think authenticated
>> encryption would
>> be a nice feature.
>> Regards
>> -- 
>> Ralf Ramsauer
>> PGP: 0x8F10049B
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt at saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt

Ralf Ramsauer

PGP: 0x8F10049B

More information about the dm-crypt mailing list