FWIW, putting integrity checking at the filesystem layer should be done
carefully as well. If your threat model includes attacks resulting from
attacker-controlled metadata, then you may still be exposed to a variety
of issues in the filesystem layer itself (even if it is difficult for an
attacker to do reliably given how great dm-crypt is :).

I've had good experience layering a dm target for block-level integrity
checking under the fs layer as it avoids the risks associated and gets
all the nice benefits of the block cache, etc. (The target my project
uses isn't upstream yet, but after a lot of in-progress cleanup, we hope
it will be![1]). The approach should layer just fine with dm-crypt as
well.

Anyway, just my two cents.

Cheers!
will

1 - http://git.chromium.org/gitweb/?p=chromiumos/third_party/kernel.git;a=blob;f=Documentation/device-mapper/dm-verity.txt

On Tue, May 3, 2011 at 5:22 AM, Samantha Adams <saman.adams@xxxxxxxxx> wrote:
> Probably the best solution is to check integrity in the FS layer.
>
> Concerning gcm, in my opinion, it's a pity that we can't use an AE mode of
> encryption because in this way we would be able to also check data
> authenticity.
>
> Anyway, thank you all for your answers ! :)
>
> Sam
>
> On Wed, Apr 27, 2011 at 3:43 PM, Arno Wagner <arno@xxxxxxxxxxx> wrote:
>>
>> On Wed, Apr 27, 2011 at 11:41:01AM +0200, Milan Broz wrote:
>> > On 04/27/2011 10:40 AM, Samantha Adams wrote:
>> [...]
>> > Basically it would be new encryption DM target (it can share code
>> > but the mapping here is different).
>> >
>> > The crucial question is where do you want to store authentication tag...
>> > If there is some standard way, perhaps it can be done.
>> >
>> > But isn't it better to provide these integrity services to filesystem
>> > on top of dmcrypt? (so fs can allocate blocks storing integrity info)
>>
>> In my view, integrity check, just as compression (and the filesystem
>> itself) all belong on top of encryption. For the other two, this is
>> obvious. For the integrity check, what is the FS layer to do if it
>> fails? If you have error correction or redundancy in the FS, then
>> it can do something, but on crypto-layer you can just propagate the
>> error and handling would be done elsewhere. Also note that the
>> problem of storing the tags/checksums goes away on the FS layer,
>> as one of the primary tasks of a FS is storing metadata.
>>
>> Arno
>> --
>> Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
>> GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
>> ----
>> Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
>>
>> If it's in the news, don't worry about it. The very definition of
>> "news" is "something that hardly ever happens." -- Bruce Schneier
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt@xxxxxxxx
>> http://www.saout.de/mailman/listinfo/dm-crypt