On 09/24/2012 06:20 PM, Kasatkin, Dmitry wrote:
So it can provide confidentiality but it CANNOT provide integrity protection.
Yes, it provides confidentiality and via encryption it provides
certain level of integrity protection.
Data cannot be modified without being detected.
Decryption
On Tue, Sep 25, 2012 at 3:15 PM, Milan Broz mb...@redhat.com wrote:
On 09/24/2012 06:20 PM, Kasatkin, Dmitry wrote:
So it can provide confidentiality but it CANNOT provide integrity
protection.
Yes, it provides confidentiality and via encryption it provides
certain level of integrity
There are two existing offline integrity models: file level integrity
(linux-integrity subsystem EVM/IMA-appraisal) and block level integrity
(dm-verity, dm-crypt).
This patch provides a new block level method called device-mapper integrity
target (dm-integrity), which provides transparent
On 09/24/2012 11:55 AM, Dmitry Kasatkin wrote:
Both dm-verity and dm-crypt provide block level integrity protection.
This is not correct. dm-crypt is transparent block encryption target,
where always size of plaintext == size of ciphertext.
So it can provide confidentiality but it CANNOT
On Mon, Sep 24, 2012 at 4:47 PM, Milan Broz mb...@redhat.com wrote:
On 09/24/2012 11:55 AM, Dmitry Kasatkin wrote:
Both dm-verity and dm-crypt provide block level integrity protection.
This is not correct. dm-crypt is transparent block encryption target,
where always size of plaintext == size