Post ACwJWTC2oZf5OA00yO by wolf480pl@mstdn.io
 (DIR) More posts by wolf480pl@mstdn.io
 (DIR) Post #ACvm55a3CYhhqgZ2B6 by feld@bikeshed.party
       2021-10-31T17:45:17.217322Z
       
       3 likes, 1 repeats
       
       You know, one overlooked benefits of full disk encryption is that you'll never have to deal with silently corrupted data / bad sectors. It's entirely possible for normal filesystems without checksums or disk encryption to provide bad data from a read -- even data that passes the basic hardware checksums if it's corrupted just right!But if you use full disk encryption the data wouldn't decrypt successfully and you'd get a hard error. If the disk is failing, you'll know. :freakout:
       
 (DIR) Post #ACvpbQEUFhu51taSTQ by wolf480pl@mstdn.io
       2021-10-31T18:24:42Z
       
       0 likes, 0 repeats
       
       @feld with a block-level full-disk-encryption, like Linux's dm-crypt, no, it'd just decrypt to garbage.With block-level encryption there's no space to put any kind of authentication tag (eg. HMAC) next to the block.You could do it when doing filesystem-level encryption, but then you may as well have a checksumming filesystem...
       
 (DIR) Post #ACvq6B5uaP9N3XF2Mi by lanodan@queer.hacktivis.me
       2021-10-31T18:30:14.361694Z
       
       0 likes, 0 repeats
       
       @wolf480pl @feld And ZFS (Oracle:cryingmeow:  and OpenZFS) has native encryption :D
       
 (DIR) Post #ACvqbyrvZlgyPDriLo by wolf480pl@mstdn.io
       2021-10-31T18:35:24Z
       
       0 likes, 0 repeats
       
       @lanodan @feld but it also has native checksumming
       
 (DIR) Post #ACvqhFbamFvHlFjmmu by lanodan@queer.hacktivis.me
       2021-10-31T18:36:56.067514Z
       
       0 likes, 0 repeats
       
       @wolf480pl @feld Yup, that's one of the things ZFS introduced.
       
 (DIR) Post #ACvqlh4UbJRO6WNFVw by wolf480pl@mstdn.io
       2021-10-31T18:37:45Z
       
       0 likes, 0 repeats
       
       @lanodan @feld but that means you can't have a filesystem with authenticated encryption that isn't checksumming
       
 (DIR) Post #ACvr36AqWWe6sge3ii by lanodan@queer.hacktivis.me
       2021-10-31T18:40:52.403348Z
       
       0 likes, 0 repeats
       
       @wolf480pl @feld maybe but tbh I couldn't care less, I'm pretty sure it's a good idea to have checksumming (together with other things ZFS).
       
 (DIR) Post #ACvr7rgboeKxOcm5gW by wolf480pl@mstdn.io
       2021-10-31T18:41:45Z
       
       0 likes, 0 repeats
       
       @lanodan yeah but this thread is about @feld claiming you can have a non-checsumming filesystem with encryption which he implied to be authenticating...
       
 (DIR) Post #ACvrNrAfV0DUQpSaci by lanodan@queer.hacktivis.me
       2021-10-31T18:44:37.087080Z
       
       0 likes, 0 repeats
       
       @wolf480pl @feld Ah yeah right.And I know it decodes to garbage for dm-crypt btw, I've had it happen on a SSD (and the ext4 filesystem on it entirely died).(I had a WIP dump of the disk)
       
 (DIR) Post #ACwIoNQMu0cmkrfqj2 by feld@bikeshed.party
       2021-10-31T23:52:01.259972Z
       
       0 likes, 0 repeats
       
       @wolf480pl @lanodan well I guess dm-crypt is junk compared to GELI on FreeBSDMy data is encrypted with 256bit AES-XTS and uses HMAC+SHA256 for integrity
       
 (DIR) Post #ACwJ3629qGkNAAMuFE by feld@bikeshed.party
       2021-10-31T23:54:41.034169Z
       
       0 likes, 0 repeats
       
       @wolf480pl @lanodan Once again this reaffirms my choice that FreeBSD does everything I could ever want.The best block device encryptionThe best filesystems (UFS2 and ZFS)The best network stackThe best system memory allocator (jemalloc)The best license
       
 (DIR) Post #ACwJ6OM4BHswqzFgbA by feld@bikeshed.party
       2021-10-31T23:55:17.349500Z
       
       1 likes, 0 repeats
       
       @wolf480pl @lanodan Once again this reaffirms my choice of FreeBSD as it does everything I could ever want.The best block device encryptionThe best filesystems (UFS2 and ZFS)The best network stackThe best system memory allocator (jemalloc)The best license
       
 (DIR) Post #ACwJWTC2oZf5OA00yO by wolf480pl@mstdn.io
       2021-10-31T23:59:57Z
       
       0 likes, 0 repeats
       
       @feld @lanodan where does it store the HMACs tho?
       
 (DIR) Post #ACwJsxjDxyUcSkFCE4 by wolf480pl@mstdn.io
       2021-11-01T00:04:01Z
       
       0 likes, 0 repeats
       
       @feld @lanodan can it boot from bittorrent though?
       
 (DIR) Post #ACwK0VuPHbW0Ux4jdA by mia@movsw.0x0.st
       2021-10-31T17:59:11.483Z
       
       0 likes, 0 repeats
       
       @feld@bikeshed.party not actually true! you need authenticated encryption for that. on linux, the dm-integrity target provides that though!
       
 (DIR) Post #ACwK0WVz1tZaNUekCW by feld@bikeshed.party
       2021-11-01T00:05:23.865305Z
       
       0 likes, 0 repeats
       
       @mia i didn't realize people used full disk encryption without authentication. That's wild. FreeBSD user here
       
 (DIR) Post #ACwK933vu0SRdgbJQG by feld@bikeshed.party
       2021-11-01T00:06:58.163887Z
       
       0 likes, 0 repeats
       
       @wolf480pl @lanodan you only get 89% of storage with HMAC+SHA256 according to the man page. I've never noticed.
       
 (DIR) Post #ACwKKu4j8sojEzcpCi by feld@bikeshed.party
       2021-11-01T00:08:23.853754Z
       
       0 likes, 0 repeats
       
       @wolf480pl @lanodan also GELI is block device encryption; filesystem agnostic if that's the answer you're looking for
       
 (DIR) Post #ACwKS4YAayBZksobjs by mia@movsw.0x0.st
       2021-11-01T00:07:36.800Z
       
       0 likes, 0 repeats
       
       @feld@bikeshed.party yeah, even with geli that’s optional
       
 (DIR) Post #ACwKS50ssD9dBwFXUm by feld@bikeshed.party
       2021-11-01T00:10:23.363662Z
       
       0 likes, 0 repeats
       
       @mia I've never used it without, forgot it was even possible
       
 (DIR) Post #ACwKUfZTvFtl9ZfQdU by wolf480pl@mstdn.io
       2021-11-01T00:10:50Z
       
       0 likes, 0 repeats
       
       @feld @lanodan I was asking more about locality. Linux has dm-integrity ehich does something similar, by using a separate metadata partition for the HMACs.Last time I checked, it caused 2x worse performance than just encryption with no HMAC. I wonder if GELI has some smarter way of doing it that has a smaller performance hit.
       
 (DIR) Post #ACwKcDA9QdiJMXPo80 by wolf480pl@mstdn.io
       2021-11-01T00:12:12Z
       
       0 likes, 0 repeats
       
       @feld @lanodan yeah I know. AFAIU, GELI is FreeBSD's version of device-mapper
       
 (DIR) Post #ACwS70mUDFw3cLypBQ by mwt@econresearch.org
       2021-11-01T00:23:23.878237Z
       
       0 likes, 0 repeats
       
       @wolf480pl @feld @lanodan is there an OS that can do this?
       
 (DIR) Post #ACwS71JoDMafHhZR7g by feld@bikeshed.party
       2021-11-01T01:36:12.226366Z
       
       1 likes, 0 repeats
       
       @mwt @wolf480pl @lanodan I'd like to see the bootloader that can do it. If it boots some stripped down Linux first that's cheating
       
 (DIR) Post #ACwdJF59xxfwwVkV16 by feld@bikeshed.party
       2021-11-01T03:41:42.584577Z
       
       0 likes, 0 repeats
       
       @mwt @lanodan @wolf480pl I wonder if you could do it with Lua... there's a Lua version of the FreeBSD bootloader that I think is now being used instead of the FORTH version?
       
 (DIR) Post #ACwwPKV2dS6AbxTH8a by wolf480pl@mstdn.io
       2021-11-01T07:15:39Z
       
       0 likes, 0 repeats
       
       @feld @mwt @lanodan Well ok I haven't seen a bootloader that load Linux kernel and initramfs from bittorrent. But I have made a thing where a bootloader loads those from tftp, and then the initramfs downloads the root filesystem from bittorrent.