From: Theodore Ts'o <tytso@mit.edu>
To: Milan Broz <gmazyland@gmail.com>
Cc: Mikulas Patocka <mpatocka@redhat.com>,
linux-ext4@vger.kernel.org, dm-devel@redhat.com
Subject: Re: [dm-devel] Some thoughts about providing data block checksumming for ext4
Date: Thu, 6 Nov 2014 07:55:17 -0500 [thread overview]
Message-ID: <20141106125517.GA3719@thunk.org> (raw)
In-Reply-To: <545A9885.8070901@gmail.com>
On Wed, Nov 05, 2014 at 10:37:09PM +0100, Milan Broz wrote:
>
> Also, for encrypted devices (either on file level or block level) I think
> there are still requests for implementing real crypto authenticated modes (like GCM)
> which obviously need similar space for auth tag. (I think ZFS uses it this way.)
Yes, although it depends on your threat model. If you need to worry
about known or chosen plaintext attack modes --- for example, if you
were implementing the chrome browser where the attacker might be able
to play MITM and replace web pages which would then get encrypted in
the browser cache, and where the attacker can continuously read and/or
replace blocks (say, because of some really stupid design where you
are using an unprotected iSCSI connection). Or if you assume the
attacker can remove the hard drive, twiddle some blocks, and then
surreptitiously replace the hard drive many times, then yes, you need
to worry about data integrity because a system that doesn't include a
MAC --- such as what dm-crypt provides, is simply not enough.
Basically, a dm-crypt style block device encryption is only good if
your threat model is "the attacker steals the laptop and I want to
keep the contents of the storage device safe".
Michael Halcrow discussed this in this years Linux Security Symposium:
http://kernsec.org/files/lss2014/Halcrow_EXT4_Encryption.pdf
Cheers,
- Ted
next prev parent reply other threads:[~2014-11-06 12:55 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-03 23:33 Some thoughts about providing data block checksumming for ext4 Theodore Ts'o
2014-11-04 21:20 ` Andreas Dilger
2014-11-04 23:58 ` Theodore Ts'o
2014-11-04 21:39 ` [dm-devel] " Mikulas Patocka
2014-11-04 22:06 ` Mikulas Patocka
2014-11-05 0:27 ` Mikulas Patocka
2014-11-05 21:37 ` Milan Broz
2014-11-06 12:55 ` Theodore Ts'o [this message]
2014-11-05 2:33 ` Theodore Ts'o
2014-11-26 23:47 ` Darrick J. Wong
2014-11-27 0:07 ` Mike Snitzer
2014-11-27 0:39 ` Darrick J. Wong
2015-01-23 16:46 ` [dm-devel] " Vasily Tarasov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141106125517.GA3719@thunk.org \
--to=tytso@mit.edu \
--cc=dm-devel@redhat.com \
--cc=gmazyland@gmail.com \
--cc=linux-ext4@vger.kernel.org \
--cc=mpatocka@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).