On Wed, Apr 27, 2011 at 11:41:01AM +0200, Milan Broz wrote: > On 04/27/2011 10:40 AM, Samantha Adams wrote: [...] > Basically it would be new encryption DM target (it can share code > but the mapping here is different). > > The crucial question where do you want to store authentication tag... > If there is some standard way, perhaphs it can be done. > > But isn't better to provide these integrity services to filesystem > on top of dmcrypt? (so fs can allocate blocks storing integrity info) In my view, integrity check, just as compression (and the filesystem itself) all belong on top of encryption. For the other two, this is obvious. For the integrity check, what is the FS layer to do if it fails? If you have error correction or redundancy in the FS, then it can do something, but on crypto-layer you can just propagate the error and handling would be done elsewhere. Also note that the problem of storing the tags.checksums goes away on the FS layer, as one of the primary tasks of a FS is storing metadata. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
