From: Arno Wagner
Date: Fri, 16 Jun 2017 20:35:17 +0200
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] [RFC PATCH 0/4] Allow file systems to selectively bypass dm-crypt
Message-ID: <20170616183517.GA9583@tansi.org>
In-Reply-To: <20170616144715.GC11824@yeono.kjorling.se>

On Fri, Jun 16, 2017 at 16:47:15 CEST, Michael Kjörling wrote:
> On 16 Jun 2017 16:31 +0200, from arno@wagner.name (Arno Wagner):
[...]
> And of course, for those who use FDE to facilitate storage device
> decommissioning (just throw away the key and the data is effectively
> unreadable), the _knowledge_ that _all_ data that touches the storage
> device is encrypted before it does might even be the whole _point_ of
> using FDE.

That may actually be critical in an enterprise-scenario.
As in "do not use anything that does not have this property",
enforced by a policy.

> But I'm preaching to the choir, here. Or at least I hope I am.

You are. I think this whole thing is just another instance
of some crypto-novices trying to "improve" things. They usually do not
understand what the crypto actually assures and how easily that
can be broken.
The only thing to do is (once again) explain why this
is a bad idea.

Regards,
Arno

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier