Hi Robert,
Yes, you are right. This approach is more complex than plain fs level
encryption, but this enables more fine-grained control on what is
encrypted. For example, it would not be possible to choose which field
to encrypt or not. Also, with fs level encryption, all the data is
Be sure to add that comment about multi-tenancy to the Jira description
since that is a key aspect of this particular approach.
-- Jack Krupansky
On Thu, Jan 7, 2016 at 4:52 AM, Renaud Delbru wrote:
> Hi Robert,
>
> Yes, you are right. This approach is more complex than
I would strongly recommend against "invent your own mode", and instead
using standardized schemes/modes (e.g. XTS).
Separate from that, I don't understand the reasoning to do it at the
codec level. Seems quite a bit more messy and complicated than the
alternatives, such as block device level