[dm-crypt] The future of disk encryption with LUKS2

Milan Broz gmazyland at gmail.com
Fri Feb 5 16:44:02 CET 2016

On 02/05/2016 04:24 PM, Arno Wagner wrote:
> On Fri, Feb 05, 2016 at 16:01:14 CET, Yves-Alexis Perez wrote:
>> On ven., 2016-02-05 at 14:31 +0100, Arno Wagner wrote:
>>> No. You are trying to solve the wrong problem. First, disk 
>>> encryption with 1:1 mapping will never give you integrity 
>>> protection and the other variants kill performance.
>> I perfectly understand that, thank you. Again, I'm *well aware* of the need to
>> store integrity patterns somewhere. I'm *not* asking for 1:1 mapping.
>> Can I sincerely ask that you not consider at first (and second, and third)
>> that I didn't think first about what I was asking on the list?
> Then why are you asking about integrity protection on a list
> dedicated to a block-layer encryption system? That does not make
> any sense. If you state things that do not make sense then I
> will point that out, because there is a real possibility that
> your reasoning process (I am not implying there was none) was 
> flawed. 

I think it is perfectly fine to ask there (please do not forget
we are still closely cooperating with storage guys).

And by the way, we have a experimental plan to test authenticated encryption
on this level (obviously part of that is to solve additional metadata space).
(Even if it is not usable in the end I would like to try that.)

The reply/revert attack possibility without support of specific hw will
be still there but I would say even if we can provide method how to detect
random corruption of sectors it could be useful.


More information about the dm-crypt mailing list