[dm-devel] my encryption
Joe Thornber
thornber at sistina.com
Mon Oct 13 07:25:01 UTC 2003
On Mon, Oct 13, 2003 at 02:12:13PM +0200, jon at kollegiegaarden.dk wrote:
> On Mon, Oct 13, 2003 at 01:04:20PM +0100, Joe Thornber wrote:
> > On Mon, Oct 13, 2003 at 01:54:21PM +0200, jon at kollegiegaarden.dk wrote:
> > > On Mon, Oct 13, 2003 at 08:58:12AM +0100, Joe Thornber wrote:
> > > > What is Christophe Saouts encryption target missing IYO ?
> > >
> > > As far as i remember:
> > > it can not change password without reencrypting the whole device
> >
> > Why is this bad ? I'd worry if changing the password *didn't* require
> > the device to be re-encrypted.
>
> Imagien you have a 3426TeraByte blockdevice...
> Reencrpting that is going to take a long long time, and even if
> it was just a few hundred GB, then they are going to be offline
> while you change the key. To some that is unacceptable. PPDD
> which i modelled my encryption on can change key without reencrypting
> it all. So can GBDE from FreeBSD.
> What usualy is done is that the passphrase is used as a key to encrypt
> another key, which is stored encrypted at the disk. Then this other
> key is used to encrypt the data with. Thus when changing the passphrase
> all you do is reencrypting the key. This is almost done atomicaly.
You can still do this with the current target, the encrypted key would
be stored in the LVM metadata, and passed into the target when the LV
is activated with the passphrase.
> > > It doesnt shuffle the sectors arround
> >
> > Does this really provide more security ?
>
> Maybe, i'm not a cryptoanalyser, but GBDE does this, and i think they
> do it for a reason. The idea is that you can attack the encryption if
> you have "known plaintext", and a filesystem stores known meta data
> at a known location.
y, I can see that making a difference for some encryption schemes.
Perhaps we should think about putting that in.
- Joe
More information about the dm-devel
mailing list