On Thu, Sep 26, 2019 at 23:27:27 CEST, Robert Nichols wrote: > I wasn't even thinking of trim pass-through. I routinely set up VMs with > space allocations that, in total, exceed the space available on the host. > Such VMs cannot use authenticated encryption since they would have to > immediately use all of their allocated space. I also routinely save > system images with partclone or clonezilla, specifically to avoid saving > the content of the free space in the filesystems. Such an image would > fail authentication when restored. These are fairly common practices. > LUKS2 authenticated encryption should come with huge warnings. I think a regular explanation what authenticated encryption does (to those that do not know it) should be entirely enough. The behavior is not in any way surprising, after all. Add to that that it is not the default and there is no need for any "huge warnings". People that do not knwo what they are doing will shoot themselves in the foot anyways. Regards, Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
