On Wed, Oct 05, 2016 at 10:16:25PM -0400, Theodore Ts'o wrote:
> On Thu, Oct 06, 2016 at 12:17:15PM +1100, Dave Chinner wrote:
> > This is the sanest approach, because encrypting filesystem internal
> > metadata may have some unintended consequences. e.g. being unable to
> > perform forensic analysi
On Fri, Oct 07, 2016 at 09:23:51AM +1100, Dave Chinner wrote:
> At which point, I have to ask, why not just use dm-crypt and
> implement a simple "use device key on bio contents if none has been
> specified by higher layer" mechanism to direct the encryption? It's
> simple, you can still offload t
On Fri, Sep 30, 2016 at 7:58 PM, Eric Biggers wrote:
> The XTS tweak (or IV) was initialized differently on little endian and
> big endian systems. Because the ciphertext depends on the XTS tweak, it
> was not possible to use an encrypted filesystem created by a little
> endian system on a big en
On Wed, Oct 05, 2016 at 08:44:09PM +0200, Richard Weinberger wrote:
> Michael,
>
> On 05.10.2016 20:23, Michael Halcrow wrote:
> >> Eric,
> >>
> >>> On 04.10.2016, at 18:38, Eric Biggers wrote:
> >>>
> >>> On Tue, Oct 04, 2016 at 10:46:54AM +0200, Richard Weinberger wrote:
> > Also, currently
> Eric,
>
> > On 04.10.2016, at 18:38, Eric Biggers wrote:
> >
> > On Tue, Oct 04, 2016 at 10:46:54AM +0200, Richard Weinberger wrote:
> >>> Also, currently this code *is* only supposed to be used for XTS.
> >>> There's a bug where a specially crafted filesystem can cause
> >>> this code path to
Michael,
On 05.10.2016 23:11, Michael Halcrow wrote:
>>> In the meantime, to address the CBC thing, I'd want to understand what
>>> the hardware is doing exactly. I wouldn't want the existence of code
>>> that supports CBC in fs/crypto to be interpreted as some sort of
>>> endorsement for using i
On Thu, Oct 06, 2016 at 12:17:15PM +1100, Dave Chinner wrote:
> This is the sanest approach, because encrypting filesystem internal
> metadata may have some unintended consequences. e.g. being unable to
> perform forensic analysis of corruption or data loss events, or an
> inability for tools like f
On Wed, Oct 05, 2016 at 11:14:55PM +0200, Richard Weinberger wrote:
> Michael,
>
> On 05.10.2016 20:44, Richard Weinberger wrote:
> > Well, let's focus first on file contents.
> > We have already the fscrypto framework.
> >
> > What you suggest is completely different from what we have now.
>
> T
Michael,
On 05.10.2016 20:23, Michael Halcrow wrote:
>> Eric,
>>
>>> On 04.10.2016, at 18:38, Eric Biggers wrote:
>>>
>>> On Tue, Oct 04, 2016 at 10:46:54AM +0200, Richard Weinberger wrote:
> Also, currently this code *is* only supposed to be used for XTS.
> There's a bug where a speciall
Michael,
On 05.10.2016 20:44, Richard Weinberger wrote:
> Well, let's focus first on file contents.
> We have already the fscrypto framework.
>
> What you suggest is completely different from what we have now.
To clarify that, I'm not saying that meta-data or block level authentication
is a bad i
Eric,
> On 04.10.2016, at 18:38, Eric Biggers wrote:
>
> On Tue, Oct 04, 2016 at 10:46:54AM +0200, Richard Weinberger wrote:
>>> Also, currently this code *is* only supposed to be used for XTS. There's a
>>> bug
>>> where a specially crafted filesystem can cause this code path to be entered
>
On Tue, Oct 04, 2016 at 10:46:54AM +0200, Richard Weinberger wrote:
> > Also, currently this code *is* only supposed to be used for XTS. There's a
> > bug
> > where a specially crafted filesystem can cause this code path to be entered
> > with
> > CTS, but I have a patch pending in the ext4 tree
Eric,
On 03.10.2016 20:03, Eric Biggers wrote:
>>> {
>>> - u8 xts_tweak[FS_XTS_TWEAK_SIZE];
>>> + struct {
>>> + __le64 index;
>>> + u8 padding[FS_XTS_TWEAK_SIZE - sizeof(__le64)];
>>> + } xts_tweak;
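Review bot: the new xts_tweak struct only works as a tweak buffer if index plus padding add up to exactly FS_XTS_TWEAK_SIZE with no compiler-inserted padding, and nothing in the declaration enforces that; a BUILD_BUG_ON(sizeof(xts_tweak) != FS_XTS_TWEAK_SIZE) beside it would make the assumption explicit. The visible lines also do not show padding being zeroed or index being stored through cpu_to_le64(); both are needed for the tweak bytes to be identical on little endian and big endian systems, so confirm they are present in the part of the hunk not shown here.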
>>
>> While we are here, wouldn't it make sense to
On Sat, Oct 01, 2016 at 06:03:31PM +0200, Richard Weinberger wrote:
> Eric,
>
> On Fri, Sep 30, 2016 at 7:58 PM, Eric Biggers wrote:
> > The XTS tweak (or IV) was initialized differently on little endian and
> > big endian systems. Because the ciphertext depends on the XTS tweak, it
> > was not
Eric,
On Fri, Sep 30, 2016 at 7:58 PM, Eric Biggers wrote:
> The XTS tweak (or IV) was initialized differently on little endian and
> big endian systems. Because the ciphertext depends on the XTS tweak, it
> was not possible to use an encrypted filesystem created by a little
> endian system on a
15 matches