Re: Subject: OT: LUKS encryption -- block by block, file by file, or "one big lump"

["Bottenberg, Michael" <michael@der-he.de>]

On 2023-03-09 22:16 Nicolas George wrote:
> rhkramer@gmail.com (12023-03-08):
> >    * can files in the LUKS partition other than the one with the one 
> > block
> > corrupted be read correctly?
> >
> >    * assuming the file with the corrupted block is bigger than one 
> > block, can
> > the other parts of the file (not including the corrupted block) be 
> > read
> > correctly?
>
> Of course not. [...]

Quite the contrary. All other file data blocks can be read except the 
broken one.

> Ensuring the integrity of the data is not part of the attributions of
> LUKS either. It could, but then again it would cost performance. And
> space, at least 1/1000, probably more around 1/256 or 1/128.

Its indeed not a theoretical aspect, it is quite practical.

See Authenticated disk encryption via AEAD, cryptsetup(8) man page: 
"Since Linux kernel version 4.12 dm-crypt supports authenticated disk 
encryption."

Performance and space costs are neglectable. But cryptsetup support 
currently is still experimental, AFAIK, and usable and secure modes are 
some other topic to discuss ... ;-)

hede