From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from tansi.org (ns.km10532-04.keymachine.de [87.118.102.195]) by mail.saout.de (Postfix) with ESMTP for ; Mon, 16 Aug 2010 14:39:57 +0200 (CEST) Received: from gatewagner.dyndns.org (84-74-164-239.dclient.hispeed.ch [84.74.164.239]) by tansi.org (Postfix) with ESMTPA id 2FAC91218366 for ; Mon, 16 Aug 2010 14:39:55 +0200 (CEST) Date: Mon, 16 Aug 2010 14:39:54 +0200 From: Arno Wagner Message-ID: <20100816123954.GA24932@tansi.org> References: <20100726210741.GC24052@tansi.org> <1280180557.3266.136.camel@fermat.scientia.net> <4C682354.50907@web.de> <20100815221051.GA13494@tansi.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [dm-crypt] Efficacy of xts over 1TB List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Mon, Aug 16, 2010 at 01:44:59PM +0200, Mario 'BitKoenig' Holbe wrote: > Arno Wagner wrote: > > Well, if the attacker mirrors your network traffic with iSCSI, > > encryption does not matter anymore for any change analysis. > > But using such a set-up wpuld be pretty stupid anayways.... ;-) > > Why? Do you have better ideas how to circumvent trusting your remote > Backup Provider than encrypting everything before sending it away? > > Encrypted block-devices via iSCSI, AoE, or NBD are some of the more > comfortable solutions I'm thinking about when it comes to efficient > remote multi-generation backups (using rsnapshot on top, for example). I should have said "...pretty stupid anyways, if you are worried about a change analysis attack.". Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier