Re: [dm-crypt] Two questions

DM-Crypt Archive mirror
 help / color / mirror / Atom feed

From: Milan Broz <gmazyland@gmail.com>
To: mgreger@cinci.rr.com, "'dm-crypt@saout.de'" <dm-crypt@saout.de>
Subject: Re: [dm-crypt] Two questions
Date: Fri, 15 Nov 2019 11:00:36 +0100	[thread overview]
Message-ID: <18dc5c33-f93c-d4ed-cbbc-badfc0479bb8@gmail.com> (raw)
In-Reply-To: <3e97eab84e794c604a03f49ce7c66a31ca266ade@webmail>

On 13/11/2019 16:15, mgreger@cinci.rr.com wrote:
> 1)   Should it be possible to use a detached header and --integrity options to cryptsetup at the same time? When I try, I get a message 'No integrity superblock detected on header.'

The current design is that integrity metadata will stay on the data device (even with detached LUKS header), and these are not encrypted (encryption is not implemented, but has some support in the kernel).

So with the current code, we are not going to support the detached header for authenticated encryption (integrity protection), we should fix the code to explicitly print a warning about it. (The message above is misleading.)

There is still note about --integrity option being experimental, and it stays this way some time...
(Maybe forever, if we find that the model that allows reply attacks on the sector level is just inadequate.)

Milan

next prev parent reply	other threads:[~2019-11-15 10:00 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-13 15:15 [dm-crypt] Two questions mgreger
2019-11-13 18:07 ` Michael Kjörling
2019-11-14  9:15 ` Ondrej Kozina
2019-11-15 10:00 ` Milan Broz [this message]
  -- strict thread matches above, loose matches on Subject: below --
2019-11-13 18:42 mgreger
2019-11-13 23:16 ` Arno Wagner
2019-11-14  2:43 mgreger
2019-11-14  2:45 mgreger

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=18dc5c33-f93c-d4ed-cbbc-badfc0479bb8@gmail.com \
    --to=gmazyland@gmail.com \
    --cc=dm-crypt@saout.de \
    --cc=mgreger@cinci.rr.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).