> From: Eric Biggers <ebiggers3@xxxxxxxxx> > Sent: Fri Dec 08 22:42:13 CET 2017 > Subject: Re: [PATCH] fscrypt: add support for ChaCha20 contents encryption > > We can't use authenticated encryption for the same reason we can't use random or > sequential nonces: there is nowhere to store the additional metadata > (authentication tag and nonce) per filesystem block *and* have it updated > atomically with respect to the contents of said block. I saw that LUKS/dm-crypt guys are able to do AE regardless of the same issues[1]. Is it really impossible for fscrypt? [1] http://www.saout.de/pipermail/dm-crypt/2017-November/005745.html Yours sincerely G. K. -- To unsubscribe from this list: send the line "unsubscribe linux-fscrypt" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
|