
Re: Subject: OT: LUKS encryption -- block by block, file by file, or "one big lump"



On 2023-03-09 22:16 Nicolas George wrote:
> rhkramer@gmail.com (12023-03-08):
>> * can files in the LUKS partition other than the one with the one block
>> corrupted be read correctly?
>>
>> * assuming the file with the corrupted block is bigger than one block,
>> can the other parts of the file (not including the corrupted block) be
>> read correctly?
>
> Of course not. [...]

Quite the contrary. All other file data blocks can be read except the broken one.

> Ensuring the integrity of the data is not part of the attributions of
> LUKS either. It could, but then again it would cost performance. And
> space, at least 1/1000, probably more around 1/256 or 1/128.

It's indeed not a theoretical aspect, it is quite practical.

See Authenticated disk encryption via AEAD, cryptsetup(8) man page: "Since Linux kernel version 4.12 dm-crypt supports authenticated disk encryption."

Performance and space costs are negligible. But cryptsetup support currently is still experimental, AFAIK, and usable and secure modes are some other topic to discuss ... ;-)

hede
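
Added illustration, not part of the original message and not dm-crypt code: a sketch of the two behaviours discussed in this thread, per-sector encryption where damage to one stored sector leaves every other sector readable, and a per-sector authentication tag that turns the damaged sector into a read error instead of silent garbage. The cipher is a SHA-256 keystream stand-in, and the sector size, key values and function names are assumptions of the example.

```python
import hashlib
import hmac

SECTOR = 512  # assumed sector size; the tag below costs 32 extra bytes per sector

def _crypt(key, no, buf):
    # Stand-in cipher (SHA-256 keystream keyed by sector number), NOT dm-crypt's.
    # It only models that each sector is transformed independently of the others.
    ks = b"".join(hashlib.sha256(key + no.to_bytes(8, "little") + bytes([i])).digest()
                  for i in range(-(-len(buf) // 32)))
    return bytes(a ^ b for a, b in zip(buf, ks))

def _tag(mac_key, no, ct):
    # Per-sector tag bound to the sector number (encrypt-then-MAC).
    return hmac.new(mac_key, no.to_bytes(8, "little") + ct, hashlib.sha256).digest()

def write_disk(enc_key, mac_key, data):
    """Return a list of (ciphertext, tag), one entry per sector."""
    disk = []
    for no in range(len(data) // SECTOR):
        ct = _crypt(enc_key, no, data[no * SECTOR:(no + 1) * SECTOR])
        disk.append((ct, _tag(mac_key, no, ct)))
    return disk

def read_sector(enc_key, mac_key, disk, no, verify=True):
    ct, tag = disk[no]
    if verify and not hmac.compare_digest(tag, _tag(mac_key, no, ct)):
        raise IOError(f"sector {no}: integrity check failed")
    return _crypt(enc_key, no, ct)

def demo():
    """Corrupt sector 2 of 4; return {sector: (plaintext_intact, error_raised)}."""
    enc_key, mac_key = b"E" * 32, b"M" * 32                      # constructed keys
    data = b"".join(bytes([65 + i]) * SECTOR for i in range(4))  # constructed data
    disk = write_disk(enc_key, mac_key, data)
    ct, tag = disk[2]
    disk[2] = (bytes([ct[0] ^ 0xFF]) + ct[1:], tag)              # damage one stored byte
    result = {}
    for no in range(4):
        plain = data[no * SECTOR:(no + 1) * SECTOR]
        intact = read_sector(enc_key, mac_key, disk, no, verify=False) == plain
        try:
            read_sector(enc_key, mac_key, disk, no)
            raised = False
        except IOError:
            raised = True
        result[no] = (intact, raised)
    return result

if __name__ == "__main__":
    print(demo())
```

With `verify=False` the damaged sector decrypts to wrong data without any error, which is the unauthenticated case; the other three sectors are unaffected either way.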