> > I guess perhaps the reason they don't do integrity checking is that it > > involves redundant data, so the encrypted volume would be smaller, or > > the block offsets don't line up, and perhaps that's trickier to handle > > than a 1:1 correspondence. > > Exactly, many file systems rely on block devices with atomic single block > (sector) writes.
I'm sure I've seen modern disk drives that allow reformatting to use sectors of 516 or 520 or 524 bytes rather than 512 bytes. This would require some generalization in the low-level I/O buffering code, but would permit both integrity and transparency at the filesystem level. It might also throw fits with forensic software (or even Live CDs inserted by a thief or intruder) that expect 512 byte sectors. John --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]