On Fri, Feb 05, 2016 at 16:01:14 CET, Yves-Alexis Perez wrote:
> On ven., 2016-02-05 at 14:31 +0100, Arno Wagner wrote:
> > No. You are trying to solve the wrong problem. First, disk
> > encryption with 1:1 mapping will never give you integrity
> > protection and the other variants kill performance.
>
> I perfectly understand that, thank you. Again, I'm *well aware* of the need to
> store integrity patterns somewhere. I'm *not* asking for 1:1 mapping.
>
> Can I sincerely ask that you not consider at first (and second, and third)
> that I didn't think first about what I was asking on the list?

Then why are you asking about integrity protection on a list
dedicated to a block-layer encryption system? That does not
make any sense. If you state things that do not make sense
then I will point that out, because there is a real possibility
that your reasoning process (I am not implying there was none)
was flawed.

> > And second, who says anything about the "evil maid" changing
> > things in the encrypted container?
>
> I'm not following you here.

Attacks on hardware, replacement of the disk with something
that attacks the boot process, Firewire, USB, etc. vulnerabilities,
changes in non-encrypted areas, etc.

> >
> > Seriously, what you want you do not do with disk encryption,
> > but with PGP/GnuPG on file-level.
>
> Because encrypting whole disk with GnuPG doesn't really scale, for
> example? I have to admit I'm a bit puzzled by the question on this list,
> to be honest.

Use eCryptFS for a scalable implementation of that idea. In fact,
eCryptFS uses a file-format derived from PGP, and that is no
accident.

Regards,
Arno

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens."
-- Bruce Schneier