Encrypted disk storage

John Gilmore gnu at toad.com
Fri May 5 15:32:29 EDT 2006


> > I guess perhaps the reason they don't do integrity checking is that it
> > involves redundant data, so the encrypted volume would be smaller, or
> > the block offsets don't line up, and perhaps that's trickier to handle
> > than a 1:1 correspondence.
> 
> Exactly, many file systems rely on block devices with atomic single block
> (sector) writes.

I'm sure I've seen modern disk drives that allow reformatting to use
sectors of 516 or 520 or 524 bytes rather than 512 bytes.  This would
require some generalization in the low-level I/O buffering code, but
would permit both integrity and transparency at the filesystem level.

It might also throw fits with forensic software (or even Live CDs
inserted by a thief or intruder) that expect 512 byte sectors.

	John

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list