Big update

Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
author: Kent Overstreet <kent.overstreet@linux.dev> 2023-09-11 17:26:07 -0400
committer: Kent Overstreet <kent.overstreet@linux.dev> 2023-09-11 17:26:13 -0400
commit: 2a2219526e2243d95dd283da73f01d6de2b62a77 (patch)
tree: f99faabd5cc8dae66149d2e9d4ec509ae6ec02bf /Encryption.mdwn
parent: 31a414aa45a9962946a4390d7a329766a1f9acc3 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/Encryption.mdwn b/Encryption.mdwn
index 1426764..807b6d2 100644
--- a/Encryption.mdwn
+++ b/Encryption.mdwn
@@ -1,4 +1,14 @@
-# bcache/bcachefs encryption design:
+# Overview
+
+bcachefs uses AEAD style encryption (ChaCha20/Poly1305), where each encrypted
+block is authenticated with a MAC, with a chain of trust up to root (the
+superblock), and every encrypted block has a unique nonce.
+
+This protects against attacks that block level encryption (i.e. LUKS) cannot
+defend against, because at the block level there's nowhere to store MACs or
+nonces without causing painful alignment problems.
+
+# More detailed:
 
 This document is intended for review by cryptographers and other experience
 implementers of cryptography code, before the design is frozen. Everything
author	Kent Overstreet <kent.overstreet@linux.dev>	2023-09-11 17:26:07 -0400
committer	Kent Overstreet <kent.overstreet@linux.dev>	2023-09-11 17:26:13 -0400
commit	2a2219526e2243d95dd283da73f01d6de2b62a77 (patch)
tree	f99faabd5cc8dae66149d2e9d4ec509ae6ec02bf /Encryption.mdwn
parent	31a414aa45a9962946a4390d7a329766a1f9acc3 (diff)