Hi!
Well, CTR mode is not recommended for encrypted file systems because it is very
easy to corrupt single bits, bytes, blocks, etc without an integrity check.
If we add a MAC, then any mode of operation except ECB can be used for
encrypted file systems.
what does "easy to corrupt" mean? i haven't really seen disks generate
bit errors ever. this MAC means you'll need to write integrity data for
every real write. that really doesn't seem worth it...
The difference between "_1,000,000" and "_8,000,000" is 1 bit. If an
attacker knew enough about the layout of the filesystem (modify times on blocks,
etc) they could flip a single bit and change your _1Mil purchase order
approved by your boss to a _8Mil order.
Hmm... long time ago I created crc loop device to catch
faulty disks. If cryptoloop can do that for me... very good!