From: Milan Broz <gmazyland@gmail.com>
To: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] Authenticated Encryption for dm-crypt
Date: Tue, 21 May 2013 19:22:59 +0200 [thread overview]
Message-ID: <519BAD73.9020605@gmail.com> (raw)
In-Reply-To: <519B7D75.1080304@ramses-pyramidenbau.de>
On 21.5.2013 15:58, Ralf Ramsauer wrote:
> Arno, your objections are legitimate.Though I think that authenticity
> would be a nice feature to dm-crypt.
> And i also think, that it *could* be realisable.
... And you are not the first thinking about this :-)
We even talked about using GCM mode (around 2011) but unfortunately
student interested in some proof-of-concept implementation for dmcrypt
abandoned this project.
(Maybe time for another try...)
Whatever, there are at least three basic concepts:
- one said, this should be done on higher level (where you know
which sectors contains real data - e.g. btrfs)
- second, which prefers separation of integrity and encryption
(see e.g. dm-integrity patches on dm-devel or dm-verity for read-only)
(You can stack integrity above dmcrypt.)
- and the third, using auth mode directly in dm-crypt
Here I would prefer to have some "standardised" on-disk layout for auth
tag. There are several approaches. (Some would work
better with non-rotational media, some are more problematic.)
(If you don't mind losing half of the disk space, you can internaly
use 1+1 sector (wasting second sector just for auth tag) and play
with disk limits/topology and sector size. This would work nicely even
for rotational media.
(Storing more tags in one sector is just slightly more complicated,
but it adds more risk for data corruption if write fails during
powerfail or so.)
I am not sure how much useful is using authenticated encyption
for real applications, but as my former colleague would say - please
send a patch :-)
Milan
prev parent reply other threads:[~2013-05-21 17:23 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-20 22:31 [dm-crypt] Authenticated Encryption for dm-crypt Ralf Ramsauer
2013-05-20 23:41 ` Arno Wagner
2013-05-20 23:59 ` Ralf Ramsauer
2013-05-21 2:17 ` Arno Wagner
2013-05-21 7:24 ` octane indice
2013-05-21 13:58 ` Ralf Ramsauer
2013-05-21 17:22 ` Milan Broz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=519BAD73.9020605@gmail.com \
--to=gmazyland@gmail.com \
--cc=dm-crypt@saout.de \
--cc=ralf@ramses-pyramidenbau.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox