[asveikau]

> Your cryptosystem is not responsible for the stability of your storage medium, and your storage medium is not responsible for the security of your cryptosystem

This is exactly why your crypto system should not rely on spontaneously writing many gigabytes on a read operation, without asking. I couldn't have said it better myself.

What you are advocating is crypto intruding on the storage mechanism inappropriately. It's a layer violation.

I think if it's important to the end user, you could write fairly decent code at the app layer that asynchronously re-encrypts old data in a way that doesn't harm the user. That code would need to have a strategy for write failures. A basic cryptography tool should probably not have this as a built-in feature however, for a few reasons including those I've stated.

[woodruffw]

> This is exactly why your crypto system should not rely on spontaneously writing many gigabytes on a read operation, without asking.

Again: nobody has said this.

Whether or not the tool does this in bulk, or asynchronously, or whatever else is not particularly important to me. The only concern I have in this conversation is whether it's contradictory to simultaneously assert the value of some data and refuse to encrypt it correctly. Which it is.

[asveikau]

> Again: nobody has said this

You said it. You said that's what the cryptosystem should do. It's a bad design.

[woodruffw]

I don’t see anywhere in my comments that I either state or imply that you have to upgrade everything at once.

From the original comment:

> This is sidestepping the other parts of the comment that don't make sense, like why a single read implies multiple writes