On Thu, Aug 01, 2013 at 12:41:34PM +0200, Milan Broz wrote: > > On 08/01/2013 11:49 AM, Ciprian Dorin Craciun wrote: > > On Thu, Aug 1, 2013 at 10:43 AM, Milan Broz <gmazyland@xxxxxxxxx> wrote: > >> On 1.8.2013 9:00, Ciprian Dorin Craciun wrote: > >>> > >>> As said, I guess this can be obtained in two ways: > >>> * either if there is a "backward" mode for dm-crypt; (which I'm > >>> not aware of;) > >> > >> > >> No, there is not. > >> > >> I hope I understand your use case correctly, bu if so, this mode > >> (transport over network) _cannot_ be secure. > > > > Indeed such a solution I'm after won't be "completely" secure (as > > a matter of fact nothing can be completely as that would imply > > perfection). And in my particular use case I don't need it. > > Well, you have been warned... and you can always shoot yourself in the foot ;-) And you will. Even exporting the encrypted block device is insecure (i.e. "doing it right"), as disk encryption has a different attacker mdoel than communication encryption and different limitations. If, at some time, you decide you actually want to be secure, move to any VPN-tunnel like solution. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. --Tony Hoare _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
