Hi, On 05/21/2013 01:41 AM, Arno Wagner wrote: > I am not really sure what you mean. > > Per-sector authenticatipn is infeasible as it requires > additional space. This is not communication encryption > where attaching a few bytes is possible. This is disk > encryption where 512 encrypted bytes have to fit exactly > into 512 bytes of space. Well additional space is no problem in my point of view. Let's assume we would tag a 512 sector with a "Mac" with 20 bytes length. Then we would need ~20GiB for Tags for a disk with a size of 500GiB. We still would have 480GiB for bulk data. In my opinion that's a fair deal. The problem of the sector size could be solved by tagging larger amounts of data with larger tags. I know that's not really more secure but it solves the problem with the sector size (e.g. tag 4KiB of data with 512 Byte Tags or sth. like that). > > Do you mean the header should authenticate itself to the > user in decryption? That would only make sense if a > malicious disk encryption system is assumed and would > have to be done before the passphrase is given. The > attacker model would be something like disk-impersonation > gere or a cryptsetup or kernel that tries to steal the > passphrase. No, i meant the point you mentioned above. Regards > > Arno > > > On Tue, May 21, 2013 at 12:31:09AM +0200, Ralf Ramsauer wrote: >> Hi, >> >> are there any weighty reasons why there is no support for authenticated >> encryption for >> dm-crypt or did simply no one want to implement it up to now? :-) >> >> Did anyone do any work on this topic up to now? I think authenticated >> encryption would >> be a nice feature. >> >> Regards >> >> -- >> Ralf Ramsauer >> >> PGP: 0x8F10049B >> >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@xxxxxxxx >> http://www.saout.de/mailman/listinfo/dm-crypt -- Ralf Ramsauer PGP: 0x8F10049B _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt