Gmane -- Mail To News And Back Again

From: Marc Ballarin <Ballarin.Marc@...>
Subject: design goals of dm-crypt
Newsgroups: gmane.linux.kernel.device-mapper.dm-crypt
Date: 2004-07-31 14:42:14 GMT (4 years, 48 weeks, 2 days, 11 hours and 24 minutes ago)

Hi everyone,

recently it became obvious that dm-crypt's design needs improvement. Some
people already suggested ideas to correct the current weaknesses, others
pointed out further weaknesses and more complicated threat scenarios.

So, before time and effort is wasted to create a new solution that might
fail to satisfy the requirements of many users' - or worse - will give
them a false sense of security, I would suggest to discuss the design
goals of the new implementation here and now.

Here are some basic questions, that I feel need to be answered first.

1st question:
What's the meaning of "secure" anyway?

Certainly, an attacker must never be able to decrypt data. Additionally,
no information about the data itself may leak outside (like it does in the
watermarking attack) - even if the attacker has legitimate user access to
the encrypted fileystem.
IMHO those are the very basic requirements towards any encryption scheme.
Still, there might be further demands.

2nd question:
In which scenarios should dm-crypt be secure?

We will have to decide in which cases we can (or want to) guarantee
security (once we have decided what secure means).
For example, implementations that work fine on "trusted" personal systems
can fail horribly on multi-user/multi-admin systems or in shared storage
environments.

Whatever the decision will be, it needs to be stated clearly in dm-crypt's
documentation.

3rd question:
What are the performance requirements?

Which performance impact can be tolerated, how much CPU, RAM and
additional disc storage may be used?

4th question:
Which approaches are doomed to fail from the beginning?
and
Which solutions are blocked by patents or other issues?

Countless cryptographic implementations been tried before - and have
failed completely. Let's not repeat those mistakes.
Of course, it would be very frustrating to find a good solution only to
discover afterwards that it cannot be used in free software.

5th question: Are there any other questions?

Please feel free to add missing points or to provide answers.

Regards,
Marc