On Sat, May 9, 2020 at 2:11 PM Milan Broz <gmazyland@xxxxxxxxx> wrote: > > On 09/05/2020 21:41, Nikolay Kichukov wrote: > > > > Does mine use an internal hash? > > No, internal hash is used for non-cryptographic integrity > protection (IOW when you use only integritysetup). Ahh OK, nice, I had it exactly 180 degrees wrong. > Authenticated encryption for LUKS2 is an experimental feature, > I hope one day we will have something better on filesystem layer. Authenticated Btrfs using hmac:sha256 checksumming is expected to be merged pending review (in-progress). And keyed blake2 also looks possible. No native encryption yet though, but it works fine on top of dm-crypt. https://lwn.net/Articles/818842/ One of many technical explanations of what is covered. https://lore.kernel.org/linux-btrfs/SN4PR0401MB3598198E5FB728B68B39A1589BA60@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/ -- Chris Murphy _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
