EXT4 On Linux 5.5 To Support Encryption On Smaller Block Sizes

  • ebiggers
    replied
    Originally posted by archsway:
    > Don't some POWER systems use 64k page sizes?

    Yes, that's the main reason for this change: it makes it possible to use ext4 encryption on PowerPC.

    The other reason is that it eliminates the special case where ext4 encryption didn't work with block size less than 4K on architectures with 4K pages such as x86 and ARM. Though this limitation was rarely encountered in practice as the ext4 block size is normally 4K, it was still annoying to have to document.


  • xorbe
    replied
    Typo:

    > For the past four years going back to Linux 5.5

    Linux 4.4


  • starshipeleven
    replied
    Originally posted by SystemCrasher:
    > p.s. and remember, security and convenience are worst enemies. If something is very convenient, most likely it is highly insecure. "Usable security" is the holy grail of crypto ... and at the end of the day, if you don't have an idea how it works... there could be nasty surprises. Hey, how many users do you think can use, say, SSL/TLS/HTTPS in any secure manner?

    Sadly true, but it's not a physical law. Convenient and safe can coexist, it's just unlikely.


  • starshipeleven
    replied
    Originally posted by Chugworth:
    > Microsoft has since updated BitLocker to always default to software-based encryption. On modern processors there is no noticeable impact in performance. Still though, I would have more trust in an open-source encryption solution.
    >
    > I have never been totally comfortable with the idea of a TPM either. A hardware chip that contains your encryption keys... It's bound to have some holes, but it's complex enough to prevent most people from finding them.

    Meh, a simple OS password is enough to keep "most people" from accessing my PC.

    If I go to the hassle of encrypting stuff and risk losing all data because I forget a password or the system fucks up, it has to be very fucking nuke-proof.


  • SystemCrasher
    replied
    One should be really stupid to trust a proprietary encryption implementation. You don't even know what it is doing, nor can you check that with any reasonable amount of effort. So if it does something nasty or is just bugged/insecure ... you'll be the last to know that.

    p.s. and remember, security and convenience are worst enemies. If something is very convenient, most likely it is highly insecure. "Usable security" is the holy grail of crypto ... and at the end of the day, if you don't have an idea how it works... there could be nasty surprises. Hey, how many users do you think can use, say, SSL/TLS/HTTPS in any secure manner?


  • Chugworth
    replied
    Originally posted by starshipeleven:
    > Oh god, why am I not surprised that embedded device firmwares (SSD storage devices in this case) are complete shitshows of security?

    Microsoft has since updated BitLocker to always default to software-based encryption. On modern processors there is no noticeable impact in performance. Still though, I would have more trust in an open-source encryption solution.

    I have never been totally comfortable with the idea of a TPM either. A hardware chip that contains your encryption keys... It's bound to have some holes, but it's complex enough to prevent most people from finding them.


  • starshipeleven
    replied
    Oh god, why am I not surprised that embedded device firmwares (SSD storage devices in this case) are complete shitshows of security?


  • starshipeleven
    replied
    Originally posted by anarki2:
    > Actually I'm quite surprised this wasn't supported previously. But then again, Linux encryption is still a joke compared to Windows or macOS, so no biggie. The fact that encryption relies on proper preparation during partitioning is ridiculous.

    Are you perhaps telling me that Windows partition encryption does not rely on "proper preparation during partitioning"?

    Have you ever tried turning on encryption on a Windows system that does not have the 100MB "System Reserved" partition (not an EFI partition, it's in addition to that)?


  • Volta
    replied
    Originally posted by anarki2:
    > Actually I'm quite surprised this wasn't supported previously. But then again, Linux encryption is still a joke compared to Windows or macOS, so no biggie. The fact that encryption relies on proper preparation during partitioning is ridiculous.

    You're full of bullshit just like winblows and macshit encryption which is a joke:

    https://www.howtogeek.com/fyi/you-ca...on-windows-10/

    https://www.techspot.com/news/78625-...ncryption.html


  • elatllat
    replied
    Originally posted by anarki2:
    > ... Linux encryption is still a joke compared to Windows or macOS, so no biggie. The fact that encryption relies on proper preparation during partitioning is ridiculous.

    What?
    Just one checkbox during install will give you full disk encryption (using cryptsetup).
    Or one command after install to encrypt just ~/.
    No need for partition preparation problems.
    Encryption integrated into the file system is just a mostly pointless bonus.
    (ZFS encrypted snapshot diff shipping is the only advantage to integration AFAIK)

    What's a joke is the lack of flexibility on MS/Apple software.
