From: Milan Broz <mbroz@redhat.com>
To: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Cc: linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org, dm-devel@redhat.com,
	linux-crypto@vger.kernel.org
Subject: Re: [PATCH 0/1] dm-integrity: integrity protection device-mapper target
Date: Mon, 24 Sep 2012 15:47:02 +0200
Message-ID: <50606456.7020607@redhat.com>
In-Reply-To: <cover.1348480396.git.dmitry.kasatkin@intel.com>

On 09/24/2012 11:55 AM, Dmitry Kasatkin wrote:
> Both dm-verity and dm-crypt provide block level integrity protection.

This is not correct. dm-crypt is a transparent block encryption target,
where the size of plaintext always == size of ciphertext.

So it can provide confidentiality but it CANNOT provide integrity protection.

We need extra space to store the auth tag, which dm-crypt cannot currently provide.

> dm-integrity provides a lighter weight read-write block level integrity
> protection for file systems not requiring full disk encryption, but
> which do require writability.

Obvious question: can dm-verity be extended to provide read-write integrity?

I would prefer to use a standard mode like GCM to provide both encryption and
integrity protection rather than inventing something new.

Milan
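
The size argument in the reply above, shown as an added example that is not code from this thread or from any kernel target: a length-preserving mode returns exactly 512 bytes per sector and decrypts a tampered sector without complaint, while GCM needs 16 extra bytes per sector for its tag and rejects the tampered sector. AES-CTR stands in for a length-preserving mode here, and all function names, the 512-byte sector size, the all-zero key and the sector number are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const SectorSize = 512 // assumed sector size in bytes

func newAES(key [32]byte) cipher.Block {
	b, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	return b
}

// sectorIV derives an n-byte IV/nonce from the sector number (reused if a sector is rewritten).
func sectorIV(sector uint64, n int) []byte {
	iv := make([]byte, n)
	binary.LittleEndian.PutUint64(iv, sector)
	return iv
}

// LengthPreserving: AES-CTR as a stand-in mode; output size == input size, no room for a tag.
func LengthPreserving(key [32]byte, sector uint64, in []byte) []byte {
	out := make([]byte, len(in))
	cipher.NewCTR(newAES(key), sectorIV(sector, aes.BlockSize)).XORKeyStream(out, in)
	return out
}

// SealGCM returns ciphertext plus a 16-byte tag: 528 bytes for a 512-byte sector.
func SealGCM(key [32]byte, sector uint64, plain []byte) []byte {
	gcm, _ := cipher.NewGCM(newAES(key)) // cannot fail for AES's 128-bit block
	return gcm.Seal(nil, sectorIV(sector, gcm.NonceSize()), plain, nil)
}

// OpenGCM verifies the tag and returns an error if the stored bytes were modified.
func OpenGCM(key [32]byte, sector uint64, stored []byte) ([]byte, error) {
	gcm, _ := cipher.NewGCM(newAES(key))
	return gcm.Open(nil, sectorIV(sector, gcm.NonceSize()), stored, nil)
}

func main() {
	var key [32]byte // constructed all-zero demo key
	plain := make([]byte, SectorSize)
	ct, sealed := LengthPreserving(key, 7, plain), SealGCM(key, 7, plain)
	ct[0], sealed[0] = ct[0]^1, sealed[0]^1 // simulate on-disk tampering
	_, err := OpenGCM(key, 7, sealed)
	fmt.Println(len(ct), LengthPreserving(key, 7, ct)[0], len(sealed), err)
}
```

The sector-number nonce is only safe in this example because each sector is written once; a read-write design would also have to store a fresh nonce per write, which adds to the per-sector metadata.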
