Date: Fri, 5 Feb 2016 12:02:32 +0100
From: Arno Wagner
Message-ID: <20160205110232.GD29709@tansi.org>
References: <56B20C05.7080307@gmail.com> <1454603376.4241.5.camel@debian.org> <20160204171753.GA20874@tansi.org> <1454653850.3573.2.camel@debian.org>
In-Reply-To: <1454653850.3573.2.camel@debian.org>
Subject: Re: [dm-crypt] The future of disk encryption with LUKS2
To: dm-crypt@saout.de

On Fri, Feb 05, 2016 at 07:30:50 CET, Yves-Alexis Perez wrote:
> On jeu., 2016-02-04 at 18:17 +0100, Arno Wagner wrote:
> > Maybe my crypto-knowledge deserts me here, but how is that
> > relevant for storage encryption?
> >
> > If somebody can replay old storage blocks, they have already
> > compromised your machine and can do what they want,
>
> Think external drives / removable storage?

An attacker with physical access that you do not notice has
won. Storage encryption does not protect here. Think, for
example, "evil maid" type attacks. Storage encryption is
only for theft of the device (which you notice) or
attacker access which you notice in other ways.

Regards,
Arno

> >
> > And authenticated encryption seems to not even apply to storage,
> > unless you are thinking about integrity.
>
> Indeed.
>
> > If so, wrong project,
> > as integrity always requires additional bits and LUKS/DM-crypt
> > does not have them by design.
>
> I am well aware of the need to store the integrity patterns, that's why I'm
> asking this in context of LUKS2. Thanks for the reply though.
>
> Regards,
> --
> Yves-Alexis
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier