From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <corsac@debian.org>
Received: from molly.corsac.net (pic75-3-78-194-244-226.fbxo.proxad.net
 [78.194.244.226])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Fri,  5 Feb 2016 07:30:55 +0100 (CET)
Message-ID: <1454653850.3573.2.camel@debian.org>
From: Yves-Alexis Perez <corsac@debian.org>
Date: Fri, 05 Feb 2016 07:30:50 +0100
In-Reply-To: <20160204171753.GA20874@tansi.org>
References: <CAFnMBaRfu93jkgmZ_vLDChF7Uv-dCE6dNN6YkSxU3EFvn8iHtg@mail.gmail.com>
 <56B20C05.7080307@gmail.com> <1454603376.4241.5.camel@debian.org>
 <20160204171753.GA20874@tansi.org>
Content-Type: multipart/signed; micalg="pgp-sha256";
 protocol="application/pgp-signature"; boundary="=-TYtHjEgtzj79x3wfhOy8"
Mime-Version: 1.0
Subject: Re: [dm-crypt] The future of disk encryption with LUKS2
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Arno Wagner <arno@wagner.name>, dm-crypt@saout.de


--=-TYtHjEgtzj79x3wfhOy8
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On jeu., 2016-02-04 at 18:17 +0100, Arno Wagner wrote:
> Maybe my crypto-knowledge deserts me here, but how is that
> relevant for storage encryption?=C2=A0
>=20
> If somebody can replay old storage blocks, they have already=C2=A0
> compromised your machine and can do what they want,=C2=A0

Think external drives / removable storage?
>=20
> And authenticated encryption seems to not even apply to storage,
> unless you are thinking about integrity.=20

Indeed.

> If so, wrong project,
> as integrity always requires additional bits and LUKS/DM-cryopt
> does not have them bu design.

I am well aware of the need to store the integrity patterns, that's why I'm
asking this in context of LUKS2. Thanks for the reply though.

Regards,
--=20
Yves-Alexis


--=-TYtHjEgtzj79x3wfhOy8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAABCAAGBQJWtEGbAAoJEG3bU/KmdcClMd4IAKMe5Rsq7fU4cGKMUiBvEVar
1Nk6GDQqH4O55PDCFrYWoyRnt7voSQE+mztEAfDY5C1gn132JGJurKSwkRP5+sBG
HVPGD5NdLWo0RObclEET0A1vO0fxgcA2Uyn8eSDShE4/qdXM9gPzAFZypoz5RTyL
+rEUMOiMC3IXcOWR//OBm8qskysuudM9e94UO6cXVlkLgIGOmT9W73MVC7K13vbv
OpQLI0R7PtVuu25cHcFLl2lW9QVFqjFD6R4W9MM0fouKaewBV3wiJkUmmEKnZ7kg
Yw61erb/oEWxv9/myQCC5LD5fcKeFKM0SV9wSJp7/GQ/8HHdcMoJ1dDfe8Miioo=
=XMTn
-----END PGP SIGNATURE-----

--=-TYtHjEgtzj79x3wfhOy8--