On 2011-09-29, at 7:33 AM, "Kasatkin, Dmitry" <dmitry.kasatkin@xxxxxxxxx> wrote: >>> >>> There is work currently being done to add checksums for detecting filesystem corruption (see list archive). However, if the attacker can binary edit the underlying disk device then they can also edit the checksums (crc32c) at the same time. >>> >>> The only secure way to handle this would be a crypto checksum with a secret key. >> > > Can you please give me some links to it???? My point wasn't that this is something to try and implement, but rather that if you have an attacker who can modify the disk directly then it is best to use cryptoloop or similar to encrypt the whole device. Cheers, Andreas-- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
