On 04/27/2011 10:40 AM, Samantha Adams wrote: > I would like to continue the post from December 2010 concerning GCM > as it seems to be one of the few available modes to provide data > integrity. > > It is true that GCM adds the authenication tag in every sector and as > result we are going to have a sector bigger in size. So, it makes it > unsuitable for use with dmcrypt. Exactly. dmcrypt provides just transparent encryption so the ciphertext device and plaintext device is of the same size, we have no space to store authentication tag to. > But is it possible to allocate some space elsewhere for the tag ? Are > they any possible modifications we could make so we could use gcm > with dmcrypt ? Basically it would be new encryption DM target (it can share code but the mapping here is different). The crucial question where do you want to store authentication tag... If there is some standard way, perhaphs it can be done. But isn't better to provide these integrity services to filesystem on top of dmcrypt? (so fs can allocate blocks storing integrity info) Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
