Inline encryption for filesystems

Posted Aug 29, 2019 3:02 UTC (Thu) by ebiggers (subscriber, #130760)
In reply to: Inline encryption for filesystems by Cyberax
Parent article: Inline encryption for filesystems

Sure, and the CPU could do the same when it sees an AES instruction.

Ultimately, you always need some level of trust in the hardware...

Inline encryption for filesystems

Posted Aug 29, 2019 3:09 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

It's a bit more difficult with AES-NI. You have to somehow store the keys at a pretty good rate, and there's simply not enough space on the CPU die for this.

But storing a handful of keys supplied for decryption of fairly large blocks of data? Easy.

Inline encryption for filesystems

Posted Aug 31, 2019 6:03 UTC (Sat) by ssmith32 (subscriber, #72404) [Link]

And I just sent a colleague Ken Thompson's trusting trust (to point out you need to trust the writers of software *cough* bitcoin *cough*, there's no magic algo that makes it go away altogether..).

Makes me smile that the paper stays relevant after all the years...!

Inline encryption for filesystems

Posted Sep 1, 2019 18:15 UTC (Sun) by robert_s (subscriber, #42402) [Link]

It would be many orders of magnitude harder to do this and not "get caught" at any point in the product's lifetime.