From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail-wm0-x22b.google.com (mail-wm0-x22b.google.com
 [IPv6:2a00:1450:400c:c09::22b])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Fri,  5 Feb 2016 16:44:05 +0100 (CET)
Received: by mail-wm0-x22b.google.com with SMTP id p63so32107986wmp.1
 for <dm-crypt@saout.de>; Fri, 05 Feb 2016 07:44:04 -0800 (PST)
Received: from [192.168.2.28] (218.83.broadband9.iol.cz. [90.176.83.218])
 by smtp.gmail.com with ESMTPSA id i5sm16408011wja.23.2016.02.05.07.44.03
 for <dm-crypt@saout.de>
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 05 Feb 2016 07:44:03 -0800 (PST)
References: <CAFnMBaRfu93jkgmZ_vLDChF7Uv-dCE6dNN6YkSxU3EFvn8iHtg@mail.gmail.com>
 <56B20C05.7080307@gmail.com> <1454603376.4241.5.camel@debian.org>
 <20160204171753.GA20874@tansi.org> <1454653850.3573.2.camel@debian.org>
 <20160205110232.GD29709@tansi.org> <1454678001.21086.24.camel@debian.org>
 <20160205133123.GA31320@tansi.org> <1454684474.21086.30.camel@debian.org>
 <20160205152440.GC32199@tansi.org>
From: Milan Broz <gmazyland@gmail.com>
Message-ID: <56B4C342.1080505@gmail.com>
Date: Fri, 5 Feb 2016 16:44:02 +0100
MIME-Version: 1.0
In-Reply-To: <20160205152440.GC32199@tansi.org>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] The future of disk encryption with LUKS2
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 02/05/2016 04:24 PM, Arno Wagner wrote:
> On Fri, Feb 05, 2016 at 16:01:14 CET, Yves-Alexis Perez wrote:
>> On ven., 2016-02-05 at 14:31 +0100, Arno Wagner wrote:
>>> No. You are trying to solve the wrong problem. First, disk 
>>> encryption with 1:1 mapping will never give you integrity 
>>> protection and the other variants kill performance.
>>
>> I perfectly understand that, thank you. Again, I'm *well aware* of the need to
>> store integrity patterns somewhere. I'm *not* asking for 1:1 mapping.
>>
>> Can I sincerely ask that you not consider at first (and second, and third)
>> that I didn't think first about what I was asking on the list?
> 
> Then why are you asking about integrity protection on a list
> dedicated to a block-layer encryption system? That does not make
> any sense. If you state things that do not make sense then I
> will point that out, because there is a real possibility that
> your reasoning process (I am not implying there was none) was 
> flawed. 

I think it is perfectly fine to ask there (please do not forget
we are still closely cooperating with storage guys).

And by the way, we have a experimental plan to test authenticated encryption
on this level (obviously part of that is to solve additional metadata space).
(Even if it is not usable in the end I would like to try that.)

The reply/revert attack possibility without support of specific hw will
be still there but I would say even if we can provide method how to detect
random corruption of sectors it could be useful.

Milan