[dm-crypt] The future of disk encryption with LUKS2
corsac at debian.org
Fri Feb 5 16:01:14 CET 2016
On ven., 2016-02-05 at 14:31 +0100, Arno Wagner wrote:
> No. You are trying to solve the wrong problem. First, disk
> encryption with 1:1 mapping will never give you integrity
> protection and the other variants kill performance.
I perfectly understand that, thank you. Again, I'm *well aware* of the need to
store integrity patterns somewhere. I'm *not* asking for 1:1 mapping.
Can I sincerely ask that you not consider at first (and second, and third)
that I didn't think first about what I was asking on the list?
> And second, who says anything abot the "evil maid" changing
> things in the encrypted container?
I'm not following you here.
> Seriosuly, what you want you do not do with disk encryption,
> but with PGP/GnuPG on file-level.
Because encrypting whole disk with GnuPG doesn't really scale, for example? I
have to admit I'm a bit puzzled by the question on this list, to be honest.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: This is a digitally signed message part
More information about the dm-crypt