author | Kent Overstreet <kent.overstreet@linux.dev> | 2023-09-11 17:26:07 -0400 |
---|---|---|
committer | Kent Overstreet <kent.overstreet@linux.dev> | 2023-09-11 17:26:13 -0400 |
commit | 2a2219526e2243d95dd283da73f01d6de2b62a77 (patch) | |
tree | f99faabd5cc8dae66149d2e9d4ec509ae6ec02bf /Encryption.mdwn | |
parent | 31a414aa45a9962946a4390d7a329766a1f9acc3 (diff) |
Big update
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
Diffstat (limited to 'Encryption.mdwn')
-rw-r--r-- | Encryption.mdwn | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/Encryption.mdwn b/Encryption.mdwn index 1426764..807b6d2 100644 --- a/Encryption.mdwn +++ b/Encryption.mdwn @@ -1,4 +1,14 @@ -# bcache/bcachefs encryption design: +# Overview + +bcachefs uses AEAD style encryption (ChaCha20/Poly1305), where each encrypted +block is authenticated with a MAC, with a chain of trust up to root (the +superblock), and every encrypted block has a unique nonce. + +This protects against attacks that block level encryption (i.e. LUKS) cannot +defend against, because at the block level there's nowhere to store MACs or +nonces without causing painful alignment problems. + +# More detailed: This document is intended for review by cryptographers and other experience implementers of cryptography code, before the design is frozen. Everything |
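Review bot: In the second added paragraph, "block level encryption (i.e. LUKS)" should read "e.g. LUKS", since LUKS is one instance of block-level encryption rather than a definition of it. The same paragraph claims protection against "attacks" without naming any; a sentence stating which ones the per-block MAC and unique nonce are meant to stop would give the cryptographers this document addresses something concrete to check. The new heading "# More detailed:" reads awkwardly and carries a trailing colon that "# Overview" does not; "# Detailed design" would be consistent. The Overview also describes the scheme as settled while the unchanged paragraph under the new heading still says the document is for review "before the design is frozen", so one of the two should be updated, and "other experience implementers" in that context line could be corrected to "experienced" in the same pass.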