Hi Arno,
I agree that most practical considerations point towards encrypt-over-RAID.
But in fact from a security point of view, it seems to me the situation
is reversed. Looking at RAID-over-encryption, I disagree that having the
same plaintext encrypted over multiple keys is a concern with modern
ciphers. The real concern with most full disk encryption (and dm-crypt
in particular) is integrity protection: the ability of an attacker to
change the ciphertext undetected. This ability is greatly hampered when
the attacker needs to coordinate the attacks on two mirrored blocks,
otherwise the two copies would not be consistent.
I haven't researched all figerprinting attacks and the interaction with
various ways of generating IVs, so my intuition may still be proven wrong.
Thanks,
Yaron
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
