Date: Thu, 26 Sep 2019 16:23:58 +0200
From: Arno Wagner
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Why is it necessary to "wipe" an authenticated luks2 device when creating it?
Message-ID: <20190926142358.GA894@tansi.org>
In-Reply-To: <83ff6ae8-0ac3-a2d3-a982-750862018d7c@gmail.com>
References: <83ff6ae8-0ac3-a2d3-a982-750862018d7c@gmail.com>

On Thu, Sep 26, 2019 at 09:41:39 CEST, Milan Broz wrote:
> On 25/09/2019 21:40, .. ink .. wrote:
> > I just added an ability to create an authenticated luks2 device in
> > zuluCrypt[1] and I am wondering why these volumes need to be wiped when
> > created. I made it work by looking at how cryptsetup does it but I don't
> > understand why because I have so far failed to find any documentation
> > about it.
>
> I think it is explained in the referenced paper, we should add a FAQ about
> it.
>
> Initial wipe recalculates integrity tags - so you can read the device afterward.
>
> If you skip initialization (wipe), integrity tags for all sectors are
> incorrect and reads will return integrity failure (EILSEQ errno).
>
> In theory, it is not a problem ("do not read what you did not write").
>
> But in reality it causes many programs to fail because they can access the
> device through the page cache. If the *write* is not aligned to a page, the
> page cache tries to first read content, then update content, and write it
> back to the device.
>
> But as said above, all reads fail because integrity tags are not
> initialized, thus even page-unaligned writes can fail. (I have seen this
> problem even in programs like mkfs, where it is an apparent bug.)

This is a specific problem with anything authenticated: Even non-data needs
to be authenticated, because there is no way to distinguish it from data on
that level. Hence expecting to have to do a full "initialization" pass at
the start on authenticated storage is perfectly reasonable.

I can add an FAQ section on authenticated encryption for this. Do you have
a link to the reference paper?

Regards,
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of "news" is
"something that hardly ever happens." -- Bruce Schneier
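The failure mode discussed in this thread (every sector of a freshly formatted authenticated device carries a tag that does not verify, so a page-unaligned buffered write fails at the read-modify-write step with EILSEQ, while the initialization pass makes every tag valid), as an added toy model that is not part of this thread or of cryptsetup. The per-sector HMAC tag, the 512-byte sector, the 4096-byte page, the demo key and the 16-sector device are constructed for the illustration.

```python
import errno, hashlib, hmac, os
SECTOR = 512
PAGE = 4096                    # page cache works in whole pages (8 sectors here)
KEY = b"constructed-demo-key"  # stands in for the real integrity key

class AuthenticatedDevice:
    def __init__(self, n_sectors):
        self.data = bytearray(n_sectors * SECTOR)
        # Freshly formatted: tags are whatever was on disk before, so no sector verifies yet.
        self.tags = [os.urandom(16) for _ in range(n_sectors)]

    def _tag(self, sector, buf):
        return hmac.new(KEY, sector.to_bytes(8, "little") + buf, hashlib.sha256).digest()[:16]

    def write_sector(self, sector, buf):
        self.data[sector * SECTOR:(sector + 1) * SECTOR] = buf
        self.tags[sector] = self._tag(sector, buf)

    def read_sector(self, sector):
        buf = bytes(self.data[sector * SECTOR:(sector + 1) * SECTOR])
        if not hmac.compare_digest(self.tags[sector], self._tag(sector, buf)):
            raise OSError(errno.EILSEQ, "integrity tag mismatch")
        return buf

    def wipe(self):  # the initialization pass: write every sector once so every tag is valid
        for s in range(len(self.tags)):
            self.write_sector(s, bytes(SECTOR))

def page_cache_write(dev, offset, payload):
    """Buffered write within one page; a partial page is read first (read-modify-write)."""
    assert offset % PAGE + len(payload) <= PAGE
    start = offset - offset % PAGE
    page = bytearray(PAGE)
    if len(payload) != PAGE:  # partial page: this read is what fails on an unwiped device
        for i in range(PAGE // SECTOR):
            page[i * SECTOR:(i + 1) * SECTOR] = dev.read_sector(start // SECTOR + i)
    page[offset - start:offset - start + len(payload)] = payload
    for i in range(PAGE // SECTOR):
        dev.write_sector(start // SECTOR + i, bytes(page[i * SECTOR:(i + 1) * SECTOR]))

def write_result(wiped, offset, length):
    """Return 'ok' or the errno name from a buffered write of `length` bytes at `offset`."""
    dev = AuthenticatedDevice(16)
    if wiped:
        dev.wipe()
    try:
        page_cache_write(dev, offset, b"x" * length)
        return "ok"
    except OSError as e:
        return errno.errorcode[e.errno]
```

A full, page-aligned write never reads and therefore succeeds even on an unwiped device; only the partial-page write depends on the initialization pass.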