Re: Why is it necessary to "wipe" an authenticated luks2 device when creating it?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Sep 26, 2019 at 23:27:27 CEST, Robert Nichols wrote:
> I wasn't even thinking of trim pass-through.  I routinely set up VMs with
> space allocations that, in total, exceed the space available on the host. 
> Such VMs cannot use authenticated encryption since they would have to
> immediately use all of their allocated space.  I also routinely save
> system images with partclone or clonezilla, specifically to avoid saving
> the content of the free space in the filesystems.  Such an image would
> fail authentication when restored.  These are fairly common practices. 
> LUKS2 authenticated encryption should come with huge warnings.

I think a regular explanation what authenticated encryption
does (to those that do not know it) should be entirely enough.
The behavior is not in any way surprising, after all.
Add to that that it is not the default and there is no
need for any "huge warnings". People that do not knwo what 
they are doing will shoot themselves in the foot anyways.

Regards,
Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt



[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux