On 14/01/11 5:40 AM, [email protected] wrote:
So does anyone know off the top of their head whether dm-crypt or
TrueCrypt (or other encrypted storage things) promise data integrity
in any way, shape or form?

I'm assuming they're just encrypting, but figured I'd ask before
digging into source and design docs.

It's important to understand the guarantees of the tools.


Others have answered, but fwiw here is my wet-blanket comment:

This is an example of bottom-up thinking, and the unfortunate tendency to consider cryptology as the answer to any & all needs.

If instead we look at the issue top-down, a different picture emerges.

A user wants her data to be secure and resilient. Available to her, and to those she designates, all the time, and not to anyone else, any of the time.

A proper design exercise would then realise that the 363kg gorilla in the room is that the data is unreliably stored under many circumstances that aren't within the grasp of cryptography. The canonical thing is the failure of the hard drive.

This leads us to backups. As an integral part of any discussion about any data. If we follow this along its natural (top-down) path we discover the worst aspect of backups is that they aren't available when needed. For hundreds of reasons. We can see an attempt at an answer to this in the popularity of resilient drives (mirroring, RAID, etc).

(If we follow the unnatural path, and again think of a cryptographic solution, we discover that what is "privacy" for an online drive is *not* privacy for a set of backups. So we end up with *two* cryptographic solutions being required, not one....)

Back to the natural top-down path. The uncertainty of backups leads us towards distributed m-of-n network drive arrangements, at either a service level or an application level. Then, once that basic requirement is made, adding privacy features to the "cloud" layout of the drive becomes much more tenable within a holistic design approach.

So for example, the Tahoe system would epitomise this form of complete architectural thinking leading towards meeting the user's entire needs.

http://tahoe-lafs.org/source/tahoe/trunk/docs/quickstart.html

Or, to put it another way, in brutal terms, putting some sort of cryptography into a single drive approach is likely to solve only a small part of the user's problem. So small that likely, the added complexity won't pay for itself. They'll always be the toy-thing of geeks. Or worse, the added complexity might make the user's overall problem worse. If so, the further likely result will be that encrypted drives will not make their way into the mass market, because users will lose when they try and use them.

fwiw :)

iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
