Re: safety of encrypted filesystems

[Horst Pflugstaedt <horst@uni-duisburg.de>]

On Fri, Jun 17, 2005 at 09:03:57AM +0200, martin f krafft wrote:
> also sprach Florian Weimer <fw@deneb.enyo.de> [2005.06.17.0848 +0200]:
> > These are *cipher* blocks, and they are chained only within
> > a *block device* block.
> 
> Who guarantees that? If Cipherblock CB_x depends on CB_(x-1), then
> CB_last will indirectly depend on CB_first. If the data are large
> enough to span multiple block device blocks, damage to the beginning
> of the cipherfile makes the rest of the file unusable, no?

wouldn't it be possible to test that?
Scenario:
encrypt /dev/hda7, mount, fill it with some hundred small files (with
known content), unmount, change one bit/byte/block on /dev/hda7 (using dd),
remount, look for the remaining files and their contents.

I can imagine this might work; errors dont' have to be implemented in
hardware, do they?

Greetings
Horst


-- 
... I don't know why but, suddenly, I want to discuss declining I.Q.
LEVELS with a blue ribbon SENATE SUB-COMMITTEE!