From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RRllKLZNIkcy for ; Thu, 14 Jul 2011 08:24:17 +0200 (CEST) Received: from mailout-eu.gmx.com (mailout-eu.gmx.com [213.165.64.42]) by mail.saout.de (Postfix) with SMTP for ; Thu, 14 Jul 2011 08:24:17 +0200 (CEST) Message-ID: <4E1E89FD.80704@gmx.com> Date: Thu, 14 Jul 2011 09:17:33 +0300 From: Yaron Sheffer MIME-Version: 1.0 References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Encrypted Raid1 or Raid 1 of encrypted devices? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Hi Arno, I agree that most practical considerations point towards encrypt-over-RAID. But in fact from a security point of view, it seems to me the situation is reversed. Looking at RAID-over-encryption, I disagree that having the same plaintext encrypted over multiple keys is a concern with modern ciphers. The real concern with most full disk encryption (and dm-crypt in particular) is integrity protection: the ability of an attacker to change the ciphertext undetected. This ability is greatly hampered when the attacker needs to coordinate the attacks on two mirrored blocks, otherwise the two copies would not be consistent. I haven't researched all figerprinting attacks and the interaction with various ways of generating IVs, so my intuition may still be proven wrong. Thanks, Yaron