[dm-crypt] Cryptsetup-reencrypt and data integrity.

daniel at borek.me.uk daniel at borek.me.uk
Wed Mar 8 23:43:16 CET 2017


> On March 8, 2017 at 10:30 PM Arno Wagner <arno at wagner.name> wrote:
>
>
> Hi Daniel,
>
> as you need to do a backup anyways for this to be safe, it is
> very easy to just verify the backup against the volume after
> re-encryption one additional time.
>
> If you do this without backup, your data is obviously
> non-critical and so errors do not matter....
 
I'm mainly concerned with situations where there are backups present but still
there's no way to tell that re-encrypted data is actually the same as what was
backed up without doing manual comparisons using hashes, sums etc.

>
> Regards,
> Arno
>
>
> On Wed, Mar 08, 2017 at 20:55:24 CET, daniel at borek.me.uk wrote:
> > I was playing with cryptsetup-reencrypt recently and I noticed it
> > doesn't do any integrity checks on re-encrypted data and there is an
> > assumption everything went fine once the command completes. Are there
> > any plans to introduce integrity checks in the future? I understand
> > that verifying large volumes of data would be a time consuming task but
> > the lack of such an option may be a show stopper for some setups.
> >
> >
> >
> > -Daniel-
>
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt at saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
>
>
> --
> Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
> GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
> ----
> A good decision is based on knowledge and not on numbers. -- Plato
>
> If it's in the news, don't worry about it. The very definition of
> "news" is "something that hardly ever happens." -- Bruce Schneier
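The manual hash comparison discussed in this thread, as an added example that is not code from either poster or from cryptsetup: it hashes the decrypted view of the volume chunk by chunk before and after re-encryption, so a mismatch is reported with its byte offset rather than as a single failed checksum. It assumes the path passed in is the opened mapping (read-only, not mounted) or a backup image of the same plaintext; the function names and chunk size are this example's own choices.

```python
import hashlib
import os
import tempfile

CHUNK = 4 * 1024 * 1024  # bytes covered by one manifest entry


def build_manifest(path, chunk=CHUNK):
    """Hash the plaintext view at `path` chunk by chunk; return (size, digests)."""
    digests, size = [], 0
    with open(path, "rb") as dev:
        while True:
            block = dev.read(chunk)
            if not block:
                break
            digests.append(hashlib.sha256(block).hexdigest())
            size += len(block)
    return size, digests


def diff_manifests(before, after, chunk=CHUNK):
    """Return byte offsets of chunks that differ, plus whether the size changed."""
    (size_a, dig_a), (size_b, dig_b) = before, after
    bad = [i * chunk for i, (a, b) in enumerate(zip(dig_a, dig_b)) if a != b]
    # Chunks present on only one side count as mismatches too.
    shorter, longer = sorted((len(dig_a), len(dig_b)))
    bad.extend(i * chunk for i in range(shorter, longer))
    return {"size_changed": size_a != size_b, "bad_offsets": bad}


def demo():
    """Constructed sample: small files stand in for the mapping before/after."""
    chunk = 1024
    data = os.urandom(chunk * 8)
    damaged = bytearray(data)
    damaged[5 * chunk + 17] ^= 0xFF  # simulate one corrupted byte in chunk 5
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, content in (("before", data), ("same", data), ("bad", damaged)):
            paths[name] = os.path.join(tmp, name)
            with open(paths[name], "wb") as fh:
                fh.write(content)
        base = build_manifest(paths["before"], chunk)
        clean = diff_manifests(base, build_manifest(paths["same"], chunk), chunk)
        broken = diff_manifests(base, build_manifest(paths["bad"], chunk), chunk)
    return clean, broken


if __name__ == "__main__":
    print(demo())
```

The manifest taken before re-encryption can be stored next to the backup, so the same comparison also checks the backup against the re-encrypted volume.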