[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Keyfile Support for GRUBs LUKS

From: Darren J Moffat
Subject: Re: Keyfile Support for GRUBs LUKS
Date: Mon, 25 Nov 2013 10:38:40 +0000
User-agent: Mozilla/5.0 (X11; SunOS i86pc; rv:17.0) Gecko/20130718 Thunderbird/17.0.6

On 11/20/13 07:36, Vladimir 'φ-coder/phcoder' Serbinenko wrote:
It's not that easy. Trouble is that you need to also prevent
inconsistent rollback and for this you need to have a hash tree. Then
since power failure is a possibility you need this tree to be consistent
at every moment. Those issues are a bit easier to handle on FS level.
ZFS supports HMACs. BtrFS perhaps will one day.

Minor terminology nit: ZFS has a MAC not an HMAC. HMAC implies a hash based MAC such as HMAC-SHA256.

ZFS uses AES-CCM or AES-GCM modes which are AEAD modes that produce an Auth/MAC tag. You could do an equivalent thing with AES-CBC or AES-XTS plus HMAC-SHA256 (the original ZFS crypto prototype was AES-CBC with HMAC-SHA256 but I switched to AES-CCM/GCM).

Darren J Moffat

reply via email to

[Prev in Thread] Current Thread [Next in Thread]