Is there a way to achieve this? The use-case I'm considering is
something like distributed network RAID (e.g. cleversafe). With
standard ESSIV:SHA256, the problem is that if the key were recovered,
some of the information can still be extracted from any one node (the
blocks that exist on that node).
If the initialization vector was dependent on the previous sector
(which, for the 1st sector of the device, will be based on the last
sector of the previous block, which is on a different device), then
recovering any data from a stolen node, even if keys were breached (e.g.
using a method to dump the contents of RAM for up to 10 minutes after
power-down) would be much more difficult. At worst (if we flush the
caches immediately after accessing the first sector on the local
device), it would allow recovering the first block of the data if the
first node is the stolen one (and the 1st block doesn't usually contain
anything more useful than the superblock/block-group header), which is
still better than all of the data on the node, even if it is only fragments.
Has anyone considered such a thing? Is there a patch to achieve
something like this?
Gordan
---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/