From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qDZ0mkPDqt0C for ; Tue, 21 May 2013 01:58:58 +0200 (CEST) Received: from mail.ramses-pyramidenbau.de (ramses-pyramidenbau.de [78.47.114.252]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Tue, 21 May 2013 01:58:57 +0200 (CEST) Received: from [172.16.2.20] (rgnb-5d87874a.pool.mediaWays.net [93.135.135.74]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.ramses-pyramidenbau.de (Postfix) with ESMTPSA id 7595164885 for ; Tue, 21 May 2013 01:58:56 +0200 (CEST) Message-ID: <519AB8C5.7090908@ramses-pyramidenbau.de> Date: Tue, 21 May 2013 01:59:01 +0200 From: Ralf Ramsauer MIME-Version: 1.0 References: <519AA42D.4000609@ramses-pyramidenbau.de> <20130520234122.GA31243@tansi.org> In-Reply-To: <20130520234122.GA31243@tansi.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Authenticated Encryption for dm-crypt List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Hi, On 05/21/2013 01:41 AM, Arno Wagner wrote: > I am not really sure what you mean. > > Per-sector authenticatipn is infeasible as it requires > additional space. This is not communication encryption > where attaching a few bytes is possible. This is disk > encryption where 512 encrypted bytes have to fit exactly > into 512 bytes of space. Well additional space is no problem in my point of view. Let's assume we would tag a 512 sector with a "Mac" with 20 bytes length. Then we would need ~20GiB for Tags for a disk with a size of 500GiB. We still would have 480GiB for bulk data. In my opinion that's a fair deal. The problem of the sector size could be solved by tagging larger amounts of data with larger tags. I know that's not really more secure but it solves the problem with the sector size (e.g. tag 4KiB of data with 512 Byte Tags or sth. like that). > > Do you mean the header should authenticate itself to the > user in decryption? That would only make sense if a > malicious disk encryption system is assumed and would > have to be done before the passphrase is given. The > attacker model would be something like disk-impersonation > gere or a cryptsetup or kernel that tries to steal the > passphrase. No, i meant the point you mentioned above. Regards > > Arno > > > On Tue, May 21, 2013 at 12:31:09AM +0200, Ralf Ramsauer wrote: >> Hi, >> >> are there any weighty reasons why there is no support for authenticated >> encryption for >> dm-crypt or did simply no one want to implement it up to now? :-) >> >> Did anyone do any work on this topic up to now? I think authenticated >> encryption would >> be a nice feature. >> >> Regards >> >> -- >> Ralf Ramsauer >> >> PGP: 0x8F10049B >> >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@saout.de >> http://www.saout.de/mailman/listinfo/dm-crypt -- Ralf Ramsauer PGP: 0x8F10049B