DM for detecting bad disks was: dm-crypt, new IV and standards

From: Mike Fedyk
Date: Sat Mar 06 2004 - 23:21:04 EST

Next message: Michael Frank: "2.6.3 AGP interrupt not shown in /proc/interrupts?"
Previous message: Mike Fedyk: "Re: Marvell PATA-SATA bridge meets 2.4.x"
In reply to: Pavel Machek: "Re: dm-crypt, new IV and standards"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Pavel Machek wrote:

Hi!

Well, CTR mode is not recommended for encrypted file systems because it is very
easy to corrupt single bits, bytes, blocks, etc without an integrity check.
If we add a MAC, then any mode of operation except ECB can be used for
encrypted file systems.

what does "easy to corrupt" mean? i haven't really seen disks generate
bit errors ever. this MAC means you'll need to write integrity data for
every real write. that really doesn't seem worth it...

The difference between "_1,000,000" and "_8,000,000" is 1 bit. If an
attacker knew enough about the layout of the filesystem (modify times on blocks,
etc) they could flip a single bit and change your _1Mil purchase order
approved by your boss to a _8Mil order.

Hmm... long time ago I created crc loop device to catch
faulty disks. If cryptoloop can do that for me... very good!

Yes, a crc, or some other very low overhead DM target would be great for this. I haven't looked at DM too much. :( Does it already have something like this already?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Michael Frank: "2.6.3 AGP interrupt not shown in /proc/interrupts?"
Previous message: Mike Fedyk: "Re: Marvell PATA-SATA bridge meets 2.4.x"
In reply to: Pavel Machek: "Re: dm-crypt, new IV and standards"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]