From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <arno@wagner.name>
Received: from v1.tansi.org (mail.tansi.org [84.19.178.47])
 by mail.server123.net (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Mon, 16 Dec 2019 19:49:37 +0100 (CET)
Received: from gatewagner.dyndns.org (81-6-44-245.init7.net [81.6.44.245])
 by v1.tansi.org (Postfix) with ESMTPA id 9B814140056
 for <dm-crypt@saout.de>; Mon, 16 Dec 2019 19:49:26 +0100 (CET)
Date: Mon, 16 Dec 2019 19:49:36 +0100
From: Arno Wagner <arno@wagner.name>
Message-ID: <20191216184935.GA17227@tansi.org>
References: <CAJCQCtSUtmf1wOs=ecch-EioqT5isLOyyw5aZhJ3RXjRL3mLBg@mail.gmail.com>
 <2b1f731d-0713-fadf-f895-b62b00363a95@gmail.com>
 <qt1odg$5hpb$1@blaine.gmane.org> <20191214144236.GA12121@tansi.org>
 <CAJCQCtQ4YWh0+4vbHPKF9kL=g0_0G7xpZsY7xnSJffTn_HPWsg@mail.gmail.com>
 <Kuf0HqfNDFs36S39f45WW2TuxKIdYzTr0QkObdzLaUYeY2s58O5BPCwXLBK43xVi1E7pXvVZ3zD12KLVkAU7V3a03Gu6-eIo4PtVts8rDA4=@protonmail.ch>
 <CAJCQCtSC20ocCM50KbOcFO7LwBv-EQyJH1HSySqMc3Q=51sMEw@mail.gmail.com>
 <HR1_2D_XSeTc2zLOBn4VxqML7PgGozaJjxIccFuR78H_4BgIuRmtWKaoFIXFtFA3C2iDyLJtvF4v4qHfsgwMFQr6exAbigHfv1JKnyTd4VA=@protonmail.ch>
 <CAJCQCtRu0hn34JGN+MvRoDXg3ri9aUi9Y+gD6kuSKYvj=nxV-Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAJCQCtRu0hn34JGN+MvRoDXg3ri9aUi9Y+gD6kuSKYvj=nxV-Q@mail.gmail.com>
Subject: Re: [dm-crypt] LUKS2 support for null/plaintext target
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <https://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <https://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <https://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Mon, Dec 16, 2019 at 19:24:33 CET, Chris Murphy wrote:
[...]
> But consider that as a direct consequence of the burden to
> backup->luksFormat>restore, quite a lot of users opt out of encryption
> entirely. The point of in-place conversion isn't perfect security.
> It's to get more users to opt in, by reducing the penalty of opting
> in.

But why would you _want_ users to "opt in"? It seems like entirely
the wrong thing to do to me. First consider that the users 
you are talking about do not have backups. Hence their data must
be basically worthless anyways! Second, their data is so little
in need of protection that something as simple and as a backup  
already makes them do without encryption. Hence their data must
actually not be sensitive in any way!

Given these two things, why on earth do you want these people
to use encryption?

Security comes at a price. That price has to be paid. 
No price - no security. There is _no_ way to fix this and trying 
to do so only does damage to the user by making things too complex
for them to handle.

Regards,
Arno

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier