From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Fri, 27 Dec 2019 21:47:08 +0100 (CET) Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xBRKWGuH078360 for ; Fri, 27 Dec 2019 15:47:05 -0500 Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0a-001b2d01.pphosted.com with ESMTP id 2x5jsvs3ga-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 27 Dec 2019 15:47:05 -0500 Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id xBRKZGVW007805 for ; Fri, 27 Dec 2019 20:47:04 GMT Received: from b03cxnp08026.gho.boulder.ibm.com (b03cxnp08026.gho.boulder.ibm.com [9.17.130.18]) by ppma02dal.us.ibm.com with ESMTP id 2x1b180n1u-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 27 Dec 2019 20:47:04 +0000 Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id xBRKl37M8519964 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Fri, 27 Dec 2019 20:47:03 GMT Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4BD8CBE051 for ; Fri, 27 Dec 2019 20:47:03 +0000 (GMT) Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 26D04BE04F for ; Fri, 27 Dec 2019 20:47:03 +0000 (GMT) Received: from mail.gmx.ibm.com (unknown [9.209.242.120]) by b03ledav005.gho.boulder.ibm.com (Postfix) with ESMTPS for ; Fri, 27 Dec 2019 20:47:03 +0000 (GMT) From: "Julio Cesar Faracco - jfaracco@br.ibm.com" Date: Fri, 27 Dec 2019 20:46:50 +0000 Message-ID: <65f0e9b350cd4e9bb418c8d87e4333fe@br.ibm.com> References: , In-Reply-To: Content-Language: en-US Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dm-crypt] How to compress LUKS2 header? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "dm-crypt@saout.de" Thanks for your suggestions, guys... Do you have any recommendation to reduce this header size then? Imagine 1000 lab machines.. They are taking 20 GB to backup each header. Revert to LUKS v1 type is not a possibility. I appreciate your help... -- Julio Cesar Faracco =20 From: dm-crypt on behalf of Michael Kj=F6rling = Sent: Friday, December 27, 2019 1:20:11 PM To: dm-crypt@saout.de Subject: [EXTERNAL] Re: [dm-crypt] How to compress LUKS2 header? =A0 =20 On 27 Dec 2019 10:56 -0500, from gebser@mousecar.com (ken): > Compressing a file is one step in the encryption of that file.=A0 So if > your LUKS2 header file is encrypted, it's also already compressed.=A0 > Using ZIP on it would yield no further compression. No, encryption does not imply compression. Rather, trying to compress ciphertext is a largely pointless exercise if the encryption is any good in the first place; therefore, _if_ you're going to compress the data you're encrypting (keeping in mind that doing so is not always a good idea; see compression oracle attacks), then you need to compress first, then encrypt, not the other way around. I'm pretty sure the LUKS header backup isn't compressed. --=20 Michael Kj=F6rling =95 https://urldefense.proofpoint.com/v2/url?u=3Dhttps-= 3A__michael.kjorling.se&d=3DDwIGaQ&c=3Djf_iaSHvJObTbx-siA1ZOg&r=3DZRo7ioNm6= -KW9XMwc8-3Aqc6TBVFd8_9yk27A36m0u0&m=3DrQUoPqXVjthTyHfeJ02oW6vvxq9wwNPVBB1a= nj-N7kI&s=3DworTWmhb84zgfP27r3HYCW1CSw9M_93ZnC2rb_81SfQ&e=3D=A0 =95 michael= @kjorling.se =A0=93Remember when, on the Internet, nobody cared that you were a dog?=94 _______________________________________________ dm-crypt mailing list dm-crypt@saout.de https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__www.saout.de_mailman= _listinfo_dm-2Dcrypt&d=3DDwIGaQ&c=3Djf_iaSHvJObTbx-siA1ZOg&r=3DZRo7ioNm6-KW= 9XMwc8-3Aqc6TBVFd8_9yk27A36m0u0&m=3DrQUoPqXVjthTyHfeJ02oW6vvxq9wwNPVBB1anj-= N7kI&s=3Dpg-I-9_hpvWliVyuS2yTJk_kfFNljzWR1YSIUcHluIg&e=3D =