From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <corsac@debian.org>
Received: from molly.corsac.net (unknown
 [IPv6:2a01:e34:ec2f:4e20:ff:ff:fe00:5])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Fri,  5 Feb 2016 16:08:17 +0100 (CET)
Message-ID: <1454684474.21086.30.camel@debian.org>
From: Yves-Alexis Perez <corsac@debian.org>
Date: Fri, 05 Feb 2016 16:01:14 +0100
In-Reply-To: <20160205133123.GA31320@tansi.org>
References: <CAFnMBaRfu93jkgmZ_vLDChF7Uv-dCE6dNN6YkSxU3EFvn8iHtg@mail.gmail.com>
 <56B20C05.7080307@gmail.com> <1454603376.4241.5.camel@debian.org>
 <20160204171753.GA20874@tansi.org> <1454653850.3573.2.camel@debian.org>
 <20160205110232.GD29709@tansi.org> <1454678001.21086.24.camel@debian.org>
 <20160205133123.GA31320@tansi.org>
Content-Type: multipart/signed; micalg="pgp-sha256";
 protocol="application/pgp-signature"; boundary="=-qG7XOjCDfgEhvWee5wyW"
Mime-Version: 1.0
Subject: Re: [dm-crypt] The future of disk encryption with LUKS2
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Arno Wagner <arno@wagner.name>, dm-crypt@saout.de


--=-qG7XOjCDfgEhvWee5wyW
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On ven., 2016-02-05 at 14:31 +0100, Arno Wagner wrote:
> No. You are trying to solve the wrong problem. First, disk=C2=A0
> encryption with 1:1 mapping will never give you integrity=C2=A0
> protection and the other variants kill performance.

I perfectly understand that, thank you. Again, I'm *well aware* of the need=
 to
store integrity patterns somewhere. I'm *not* asking for 1:1 mapping.

Can I sincerely ask that you not consider at first (and second, and third)
that I didn't think first about what I was asking on the list?
>=20
> And second, who says anything abot the "evil maid" changing
> things in the encrypted container?

I'm not following you here.
>=20
> Seriosuly, what you want you do not do with disk encryption,=C2=A0
> but with PGP/GnuPG on file-level.

Because encrypting whole disk with GnuPG doesn't really scale, for example?=
 I
have to admit I'm a bit puzzled by the question on this list, to be honest.

Regards,
--=20
Yves-Alexis


--=-qG7XOjCDfgEhvWee5wyW
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAABCAAGBQJWtLk7AAoJEG3bU/KmdcClw/sIAIYwm25zvyz9w58nb2up0KRY
aj58kWwC0qWm/9NG94CwTKGo4+TcmZtfg6TohvUNi7X0Tn2mi3J4ZecsMov8AraH
P8bxk3kKd+Pp/E8RJSmtkEbIIJoihk4yN1J9sSObmuzV0P6Es3LglrvI06opNpjj
GV7cRP5kdJBmrs3jjKflWuE0Wq8EnfQWrlJVRdOD/tHAJt7EJMcCtqBfnqSyHtO7
oN4WBY3V5KQTxeC3BD/8Yk0/TaG4wmqOszPFC+Bes492slWgz04PjchV6E/5xrq1
e246Kd/Vba8VMlvLR7J9WGcWvXKnC9mjgiR1SD4fGqTmf7plHpG5lDxzM66YsLg=
=n+zw
-----END PGP SIGNATURE-----

--=-qG7XOjCDfgEhvWee5wyW--