@bascule I just realized LUKS doesn't do authenticated encryption. is that a problem in practice?
@whitequark most FDE isn't truly authenticated, but still hard to attack... be more worried about your EFI or plaintext boot partition
-
-
@bascule good idea. I wish I had TPM here... (its import is forbidden by FSB)Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@bascule@whitequark We have wide-block modes, but we're not really seeing them in practice; albeit ad hoc, Bitlocker does the best job. -
@justintroutman@bascule I guess authenticated FDE would play badly with sectors, esp. on SSDs? -
@whitequark@bascule The big problem is that real authentication (i.e., MAC) expands the ciphertext, which is seen as too costly. -
@justintroutman@bascule yep, that's what I'm talking about. hard to get a good solution here. -
@whitequark@bascule I think one major setback was the patenting issues surrounding wide-block modes; they were forgotten because of it.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.