On Fri, Feb 05, 2016 at 20:53:44 CET, Arno Wagner wrote:
> On Fri, Feb 05, 2016 at 17:50:14 CET, Yves-Alexis Perez wrote:
> > On ven., 2016-02-05 at 16:24 +0100, Arno Wagner wrote:
> > > Then why are you asking about integrity protection on a list
> > > dedicated to a block-layer encryption system? That does not make
> > > any sense. If you state things that do not make sense then I
> > > will point that out, because there is a real possibility that
> > > your reasoning process (I am not implying there was none) was
> > > flawed.
> > >
> > Because integrity protection *does* make sense on block layer encryption?
> > The fact that you don't have a 1:1 mapping is indeed an issue, and that's
> > why I was asking in the context of the LUKS2 thread (where supposedly new
> > ideas could be thrown), because solving the involved challenges would be
> > useful in the context of dm-crypt. I think. You could store all ICVs in a
> > specific place in the block device, or have one block of ICVs every once
> > in a while, or something else. It'd involve some clever calculation
> > indeed but it might be doable.
> >
> > But I can perfectly understand if it's not something which interests
> > developers here, and I can perfectly take "no" as an answer :)
>
> Well, as they plan to *experiment* with it anyways (and I assume
> "they" will be the dm-crypt people), we will see how viable it is.
>
> > > > > And second, who says anything about the "evil maid" changing
> > > > > things in the encrypted container?
> > > >
> > > > I'm not following you here.
> > >
> > > Attacks on hardware, replacement of the disk with something that
> > > attacks the boot process, Firewire, USB, etc. vulnerabilities,
> > > changes in non-encrypted areas, etc.
> > >
> > This is about your external disk drive or USB where you put data on it.
> > This is not about boot integrity or something, really.
>
> I am well aware of that. Have a look at what types of "evil maid"
> attacks are possible today.
> If somebody competent had access to
> your storage device, chances are they will be able to successfully
> attack the next machine you plug it into. Sure, may be expensive,
> may take hardware modification, but do not think just because it
> is "only" a storage device it is always safe to plug it into a
> computer.
>
> Regards,
> Arno

P.S. Also, I apologize, I think I over-reacted.

Regards,
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier
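The "one block of ICVs every once in a while" layout that Yves-Alexis sketches above, worked through as an added example (not code from the thread or from dm-crypt): a toy block device that interleaves one tag sector ahead of every 16 data sectors, with the "clever calculation" being the mapping from a logical data sector to its physical sector and to the slot holding its HMAC. The sector geometry, the HMAC-SHA256 tag, the in-memory device and the key are all constructed assumptions for illustration; real encryption of the sector contents is assumed to happen in the layer above and is not shown.

```python
import hmac
import hashlib

SECTOR = 512                       # bytes per sector (constructed toy geometry)
TAG = 32                           # one HMAC-SHA256 tag per data sector
TAGS_PER_SECTOR = SECTOR // TAG    # 16 data sectors covered by one tag sector
GROUP = TAGS_PER_SECTOR + 1        # physical sectors per group: 1 tag + 16 data


def phys_index(n):
    """Physical sector holding logical data sector n (tag sector leads its group)."""
    return (n // TAGS_PER_SECTOR) * GROUP + 1 + (n % TAGS_PER_SECTOR)


def tag_location(n):
    """(physical tag sector, byte offset inside it) for logical data sector n."""
    return (n // TAGS_PER_SECTOR) * GROUP, (n % TAGS_PER_SECTOR) * TAG


def compute_tag(key, n, ciphertext):
    # The sector number is mixed into the MAC, so a sector that is valid in
    # one position cannot be copied or replayed into another position.
    msg = n.to_bytes(8, "little") + ciphertext
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG]


class TaggedDevice:
    """Toy block device: data sectors interleaved with ICV (tag) sectors."""

    def __init__(self, key, data_sectors):
        self.key = key
        groups = -(-data_sectors // TAGS_PER_SECTOR)   # ceil division
        self.dev = bytearray(groups * GROUP * SECTOR)  # constructed in-memory disk

    def _slice(self, phys, off=0, length=SECTOR):
        start = phys * SECTOR + off
        return slice(start, start + length)

    def write(self, n, ciphertext):
        assert len(ciphertext) == SECTOR
        self.dev[self._slice(phys_index(n))] = ciphertext
        ts, off = tag_location(n)
        self.dev[self._slice(ts, off, TAG)] = compute_tag(self.key, n, ciphertext)

    def read(self, n):
        ciphertext = bytes(self.dev[self._slice(phys_index(n))])
        ts, off = tag_location(n)
        stored = bytes(self.dev[self._slice(ts, off, TAG)])
        if not hmac.compare_digest(stored, compute_tag(self.key, n, ciphertext)):
            raise ValueError("integrity check failed for sector %d" % n)
        return ciphertext
```

The cost of the layout is visible in the arithmetic: every 17th physical sector is a tag sector, and a single data write touches two physical sectors, which is exactly the non-1:1 mapping the message calls an issue.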