[dm-crypt] dm-crypt overhead

Michael Kjörling michael at kjorling.se
Thu Mar 1 17:00:49 CET 2018

On 1 Mar 2018 15:59 +0100, from numberfour at seznam.cz (Lukáš Pohanka):
> However, does this mean there is currently no chance of using any
> form of authenticated encryption in our case?

You could use a validating file system (such as ZFS or Btrfs) with a
plainly encrypted container. An adversary would then need to alter the
correct data block, plus the metadata block that holds the checksum
for the data block. Depending on the specific file system architecture
this could require correctly altering blocks all the way to the root
structures ("superblocks") of the file system. That might be good
enough even if authenticated encryption is unavailable.

Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
  “The most dangerous thought that you can have as a creative person
              is to think you know what you’re doing.” (Bret Victor)
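
The checksum chain described in the message above, as an added Python model that is not part of the original post and is not ZFS or Btrfs code. It models only a tree of checksums with the top checksum held in a superblock, not the encryption layer; the fan-out, block contents and all function names are constructed for illustration.

```python
import hashlib

FANOUT = 2      # checksums per metadata block (constructed toy value)
CSUM_LEN = 32   # SHA-256 digest size

def csum(block: bytes) -> bytes:
    return hashlib.sha256(block).digest()

def build(data_blocks):
    """levels[0] = data blocks; each higher level holds the checksums of the one below."""
    levels = [list(data_blocks)]
    while len(levels) == 1 or len(levels[-1]) > 1:
        kids = levels[-1]
        levels.append([b"".join(csum(k) for k in kids[i:i + FANOUT])
                       for i in range(0, len(kids), FANOUT)])
    return levels

def verify_read(levels, superblock_csum, index):
    """Walk from the superblock down to data block `index`.
    Returns None if every checksum matches, else the level of the block that failed."""
    top = len(levels) - 1
    if csum(levels[top][0]) != superblock_csum:
        return top
    for lvl in range(top, 0, -1):
        child = index // FANOUT ** (lvl - 1)
        parent = levels[lvl][child // FANOUT]
        slot = child % FANOUT
        if csum(levels[lvl - 1][child]) != parent[slot * CSUM_LEN:(slot + 1) * CSUM_LEN]:
            return lvl - 1
    return None

def rewrite_parent_entry(levels, lvl, child):
    """Model a modification that also rewrites the checksum stored one level up."""
    slot = child % FANOUT
    p = levels[lvl + 1][child // FANOUT]
    levels[lvl + 1][child // FANOUT] = (p[:slot * CSUM_LEN] + csum(levels[lvl][child])
                                        + p[(slot + 1) * CSUM_LEN:])

def demo():
    levels = build([b"block-%d" % i for i in range(4)])   # constructed sample data
    superblock = csum(levels[-1][0])
    results = [verify_read(levels, superblock, 2)]         # untouched
    levels[0][2] = b"tampered"                             # data block only
    results.append(verify_read(levels, superblock, 2))
    rewrite_parent_entry(levels, 0, 2)                     # plus its checksum block
    results.append(verify_read(levels, superblock, 2))
    rewrite_parent_entry(levels, 1, 1)                     # plus the root metadata block
    results.append(verify_read(levels, superblock, 2))
    return results
```

Each modification that stops short of the superblock only moves the detected mismatch one level higher; the read never verifies.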
