From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <corsac@debian.org>
Received: from molly.corsac.net (pic75-3-78-194-244-226.fbxo.proxad.net
 [78.194.244.226])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Fri,  5 Feb 2016 14:13:35 +0100 (CET)
Message-ID: <1454678001.21086.24.camel@debian.org>
From: Yves-Alexis Perez <corsac@debian.org>
Date: Fri, 05 Feb 2016 14:13:21 +0100
In-Reply-To: <20160205110232.GD29709@tansi.org>
References: <CAFnMBaRfu93jkgmZ_vLDChF7Uv-dCE6dNN6YkSxU3EFvn8iHtg@mail.gmail.com>
 <56B20C05.7080307@gmail.com> <1454603376.4241.5.camel@debian.org>
 <20160204171753.GA20874@tansi.org> <1454653850.3573.2.camel@debian.org>
 <20160205110232.GD29709@tansi.org>
Content-Type: multipart/signed; micalg="pgp-sha256";
 protocol="application/pgp-signature"; boundary="=-VtN+K8cWMGKNnwZDLrnt"
Mime-Version: 1.0
Subject: Re: [dm-crypt] The future of disk encryption with LUKS2
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Arno Wagner <arno@wagner.name>, dm-crypt@saout.de


--=-VtN+K8cWMGKNnwZDLrnt
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On ven., 2016-02-05 at 12:02 +0100, Arno Wagner wrote:
> > Think external drives / removable storage?
>=20
> An attacker with physical access that you do not notice has=C2=A0
> won. Storage encryption does not protect here. Think, for=C2=A0
> example, "evil maid" type attacks. Storage encryption
> is only for theft of the device (which you notice) or=C2=A0
> attacker access which you notice in other ways.

This is exactly why integrity matters? The point is to have an usb drive /
external disk *fully* encrypted. The decryption is done by the host (which =
is
trusted). In that case, confidentiality and integrity are both important.

Regards,
--=20
Yves-Alexis


--=-VtN+K8cWMGKNnwZDLrnt
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAABCAAGBQJWtJ/xAAoJEG3bU/KmdcClB6cH/jmiGDIWO57MhYNaaZzTaKNp
4jBFEZrQFkcXVB0YcI7WAmzS4OmYVTRSQOtJUitctxNNIDrwZlMgjDWOEXybRVR/
nH81GK2hb4gvpgOqI1u+38za2Lwj1Xf5pjiNvS5GNaCnkuhBPRahiUigMZv3Dc3A
3Hkl91KxwXdISi/P6zU0/XXY21+BB4HewuDY/ubnxX65mdgytLuvE/eirQvJgK2X
/xynIP2ochzYjFTOdqS1wD96r5/xCgjBThsX/FJC4Gfpo3IfK88UIr4VU+vKoSxG
XpUxj/fxABRqHeSB/Ttm1ANyiJ+w26KW8Rw7T0iP3Oysg5T/5vQkRtuekFfOsx0=
=lVqr
-----END PGP SIGNATURE-----

--=-VtN+K8cWMGKNnwZDLrnt--