[dm-crypt] The future of disk encryption with LUKS2

Yves-Alexis Perez corsac at debian.org
Fri Feb 5 16:01:14 CET 2016

On ven., 2016-02-05 at 14:31 +0100, Arno Wagner wrote:
> No. You are trying to solve the wrong problem. First, disk 
> encryption with 1:1 mapping will never give you integrity 
> protection and the other variants kill performance.

I perfectly understand that, thank you. Again, I'm *well aware* of the need to
store integrity patterns somewhere. I'm *not* asking for 1:1 mapping.

Can I sincerely ask that you not consider at first (and second, and third)
that I didn't think first about what I was asking on the list?
> And second, who says anything abot the "evil maid" changing
> things in the encrypted container?

I'm not following you here.
> Seriosuly, what you want you do not do with disk encryption, 
> but with PGP/GnuPG on file-level.

Because encrypting whole disk with GnuPG doesn't really scale, for example? I
have to admit I'm a bit puzzled by the question on this list, to be honest.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20160205/cd0d05db/attachment.asc>

More information about the dm-crypt mailing list