On 09/05/2020 21:41, Nikolay Kichukov wrote:
>
> Does mine use an internal hash?
No, internal hash is used for non-cryptographic integrity
protection (IOW when you use only integritysetup).
LUKS2 can used with authenticated encryption and here discard
will be never supported. New cryptsetup should print better error
message here though ("TRIM/discard is not supported.")
(Discarded areas means that data area is undefined and reading
must return "integrity failure". Many programs do not expect this
and will misbehave.
And introducing new state "discarded" would basically define
a new state in authenticated encryption - we will not do this
in dm-crypt.)
Authenticated encryption for LUKS2 is an experimental feature,
I hope one day we will have something better on filesystem layer.
If you use just the same encryption as in LUKS1 (length
preserving encryption without any data integrity protection),
then it behaves exactly the same - discards can be enabled.
Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt
