diff --git a/src/cryfs-cli/Cli.cpp b/src/cryfs-cli/Cli.cpp
index 98e7e158..268df673 100644
--- a/src/cryfs-cli/Cli.cpp
+++ b/src/cryfs-cli/Cli.cpp
@@ -194,7 +194,7 @@ namespace cryfs {
     CryConfigLoader::ConfigLoadResult Cli::_loadOrCreateConfig(const ProgramOptions &options) {
         try {
             auto configFile = _determineConfigFile(options);
-            auto config = _loadOrCreateConfigFile(configFile, options.cipher(), options.blocksizeBytes());
+            auto config = _loadOrCreateConfigFile(configFile, options.cipher(), options.blocksizeBytes(), options.missingBlockIsIntegrityViolation());
             if (config == none) {
                 std::cerr << "Could not load config file. Did you enter the correct password?" << std::endl;
                 exit(1);
@@ -206,17 +206,19 @@ namespace cryfs {
         }
     }
 
-    optional<CryConfigLoader::ConfigLoadResult> Cli::_loadOrCreateConfigFile(const bf::path &configFilePath, const optional<string> &cipher, const optional<uint32_t> &blocksizeBytes) {
+    optional<CryConfigLoader::ConfigLoadResult> Cli::_loadOrCreateConfigFile(const bf::path &configFilePath, const optional<string> &cipher, const optional<uint32_t> &blocksizeBytes, const optional<bool> &missingBlockIsIntegrityViolation) {
         if (_noninteractive) {
             return CryConfigLoader(_console, _keyGenerator, _scryptSettings,
                                    &Cli::_askPasswordNoninteractive,
                                    &Cli::_askPasswordNoninteractive,
-                                   cipher, blocksizeBytes, _noninteractive).loadOrCreate(configFilePath);
+                                   cipher, blocksizeBytes, missingBlockIsIntegrityViolation,
+                                   _noninteractive).loadOrCreate(configFilePath);
         } else {
             return CryConfigLoader(_console, _keyGenerator, _scryptSettings,
                                    &Cli::_askPasswordForExistingFilesystem,
                                    &Cli::_askPasswordForNewFilesystem,
-                                   cipher, blocksizeBytes, _noninteractive).loadOrCreate(configFilePath);
+                                   cipher, blocksizeBytes, missingBlockIsIntegrityViolation,
+                                   _noninteractive).loadOrCreate(configFilePath);
         }
     }
 
diff --git a/src/cryfs-cli/Cli.h b/src/cryfs-cli/Cli.h
index ba8b607d..84d5a20e 100644
--- a/src/cryfs-cli/Cli.h
+++ b/src/cryfs-cli/Cli.h
@@ -23,7 +23,7 @@ namespace cryfs {
         void _checkForUpdates();
         void _runFilesystem(const program_options::ProgramOptions &options);
         CryConfigLoader::ConfigLoadResult _loadOrCreateConfig(const program_options::ProgramOptions &options);
-        boost::optional<CryConfigLoader::ConfigLoadResult> _loadOrCreateConfigFile(const boost::filesystem::path &configFilePath, const boost::optional<std::string> &cipher, const boost::optional<uint32_t> &blocksizeBytes);
+        boost::optional<CryConfigLoader::ConfigLoadResult> _loadOrCreateConfigFile(const boost::filesystem::path &configFilePath, const boost::optional<std::string> &cipher, const boost::optional<uint32_t> &blocksizeBytes, const boost::optional<bool> &missingBlockIsIntegrityViolation);
         boost::filesystem::path _determineConfigFile(const program_options::ProgramOptions &options);
         static std::string _askPasswordForExistingFilesystem();
         static std::string _askPasswordForNewFilesystem();
diff --git a/src/cryfs/config/CryConfigConsole.cpp b/src/cryfs/config/CryConfigConsole.cpp
index c1316926..20d6bf7a 100644
--- a/src/cryfs/config/CryConfigConsole.cpp
+++ b/src/cryfs/config/CryConfigConsole.cpp
@@ -68,6 +68,18 @@ namespace cryfs {
         }
     }
 
+    bool CryConfigConsole::askMissingBlockIsIntegrityViolation() {
+        if (_checkUseDefaultSettings()) {
+            return DEFAULT_MISSINGBLOCKISINTEGRITYVIOLATION;
+        } else {
+            return _askMissingBlockIsIntegrityViolation();
+        }
+    }
+
+    bool CryConfigConsole::_askMissingBlockIsIntegrityViolation() const {
+        return _console->askYesNo("\nMost integrity checks are enabled by default. However, by default CryFS does not treat missing blocks as integrity violations.\nThat is, if CryFS finds a block missing, it will assume that this is due to a synchronization delay and not because an attacker deleted the block.\nIf you are in a single-client setting, you can let it treat missing blocks as integrity violations, which will ensure that you notice if an attacker deletes one of your files.\nHowever, in this case, you will not be able to use the file system with other devices anymore.\nDo you want to treat missing blocks as integrity violations?");
+    }
+
     bool CryConfigConsole::_checkUseDefaultSettings() {
         if (_useDefaultSettings == none) {
             _useDefaultSettings = _console->askYesNo("Use default settings?");
diff --git a/src/cryfs/config/CryConfigConsole.h b/src/cryfs/config/CryConfigConsole.h
index 4156a115..62a496e7 100644
--- a/src/cryfs/config/CryConfigConsole.h
+++ b/src/cryfs/config/CryConfigConsole.h
@@ -14,9 +14,11 @@ namespace cryfs {
 
         std::string askCipher();
         uint32_t askBlocksizeBytes();
+        bool askMissingBlockIsIntegrityViolation();
 
         static constexpr const char *DEFAULT_CIPHER = "aes-256-gcm";
         static constexpr uint32_t DEFAULT_BLOCKSIZE_BYTES = 32 * 1024; // 32KB
+        static constexpr uint32_t DEFAULT_MISSINGBLOCKISINTEGRITYVIOLATION = false;
 
     private:
 
@@ -25,6 +27,7 @@ namespace cryfs {
         std::string _askCipher() const;
         bool _showWarningForCipherAndReturnIfOk(const std::string &cipherName) const;
         uint32_t _askBlocksizeBytes() const;
+        bool _askMissingBlockIsIntegrityViolation() const;
 
         std::shared_ptr<cpputils::Console> _console;
         boost::optional<bool> _useDefaultSettings;
diff --git a/src/cryfs/config/CryConfigCreator.cpp b/src/cryfs/config/CryConfigCreator.cpp
index 00ba0f91..56b2a877 100644
--- a/src/cryfs/config/CryConfigCreator.cpp
+++ b/src/cryfs/config/CryConfigCreator.cpp
@@ -21,7 +21,7 @@ namespace cryfs {
         :_console(console), _configConsole(console, noninteractive), _encryptionKeyGenerator(encryptionKeyGenerator) {
     }
 
-    CryConfigCreator::ConfigCreateResult CryConfigCreator::create(const optional<string> &cipherFromCommandLine, const optional<uint32_t> &blocksizeBytesFromCommandLine) {
+    CryConfigCreator::ConfigCreateResult CryConfigCreator::create(const optional<string> &cipherFromCommandLine, const optional<uint32_t> &blocksizeBytesFromCommandLine, const optional<bool> &missingBlockIsIntegrityViolationFromCommandLine) {
         CryConfig config;
         config.SetCipher(_generateCipher(cipherFromCommandLine));
         config.SetVersion(gitversion::VersionString());
@@ -30,10 +30,11 @@ namespace cryfs {
         config.SetRootBlob(_generateRootBlobKey());
         config.SetEncryptionKey(_generateEncKey(config.Cipher()));
         config.SetFilesystemId(_generateFilesystemID());
+        uint32_t myClientId = MyClientId(LocalStateDir::forFilesystemId(config.FilesystemId())).loadOrGenerate();
+        config.SetExclusiveClientId(_generateExclusiveClientId(missingBlockIsIntegrityViolationFromCommandLine, myClientId));
 #ifndef CRYFS_NO_COMPATIBILITY
         config.SetHasVersionNumbers(true);
 #endif
-        uint32_t myClientId = MyClientId(LocalStateDir::forFilesystemId(config.FilesystemId())).loadOrGenerate();
         return ConfigCreateResult {std::move(config), myClientId};
     }
 
@@ -55,6 +56,21 @@ namespace cryfs {
         }
     }
 
+    optional<uint32_t> CryConfigCreator::_generateExclusiveClientId(const optional<bool> &missingBlockIsIntegrityViolationFromCommandLine, uint32_t myClientId) {
+        if (!_generateMissingBlockIsIntegrityViolation(missingBlockIsIntegrityViolationFromCommandLine)) {
+            return none;
+        }
+        return myClientId;
+    }
+
+    bool CryConfigCreator::_generateMissingBlockIsIntegrityViolation(const optional<bool> &missingBlockIsIntegrityViolationFromCommandLine) {
+        if (missingBlockIsIntegrityViolationFromCommandLine != none) {
+            return *missingBlockIsIntegrityViolationFromCommandLine;
+        } else {
+            return _configConsole.askMissingBlockIsIntegrityViolation();
+        }
+    }
+
     string CryConfigCreator::_generateEncKey(const std::string &cipher) {
         _console->print("\nGenerating secure encryption key. This might take some time..");
         auto key = CryCiphers::find(cipher).createKey(_encryptionKeyGenerator);
diff --git a/src/cryfs/config/CryConfigCreator.h b/src/cryfs/config/CryConfigCreator.h
index b02eea11..e0215ff7 100644
--- a/src/cryfs/config/CryConfigCreator.h
+++ b/src/cryfs/config/CryConfigCreator.h
@@ -19,13 +19,15 @@ namespace cryfs {
             uint32_t myClientId;
         };
 
-        ConfigCreateResult create(const boost::optional<std::string> &cipherFromCommandLine, const boost::optional<uint32_t> &blocksizeBytesFromCommandLine);
+        ConfigCreateResult create(const boost::optional<std::string> &cipherFromCommandLine, const boost::optional<uint32_t> &blocksizeBytesFromCommandLine, const boost::optional<bool> &missingBlockIsIntegrityViolationFromCommandLine);
     private:
         std::string _generateCipher(const boost::optional<std::string> &cipherFromCommandLine);
         std::string _generateEncKey(const std::string &cipher);
         std::string _generateRootBlobKey();
         uint32_t _generateBlocksizeBytes(const boost::optional<uint32_t> &blocksizeBytesFromCommandLine);
         CryConfig::FilesystemID _generateFilesystemID();
+        boost::optional<uint32_t> _generateExclusiveClientId(const boost::optional<bool> &missingBlockIsIntegrityViolationFromCommandLine, uint32_t myClientId);
+        bool _generateMissingBlockIsIntegrityViolation(const boost::optional<bool> &missingBlockIsIntegrityViolationFromCommandLine);
 
         std::shared_ptr<cpputils::Console> _console;
         CryConfigConsole _configConsole;
diff --git a/src/cryfs/config/CryConfigLoader.cpp b/src/cryfs/config/CryConfigLoader.cpp
index db50a00d..e580ca3c 100644
--- a/src/cryfs/config/CryConfigLoader.cpp
+++ b/src/cryfs/config/CryConfigLoader.cpp
@@ -31,10 +31,11 @@ using namespace cpputils::logging;
 
 namespace cryfs {
 
-CryConfigLoader::CryConfigLoader(shared_ptr<Console> console, RandomGenerator &keyGenerator, const SCryptSettings &scryptSettings, function<string()> askPasswordForExistingFilesystem, function<string()> askPasswordForNewFilesystem, const optional<string> &cipherFromCommandLine, const boost::optional<uint32_t> &blocksizeBytesFromCommandLine, bool noninteractive)
+CryConfigLoader::CryConfigLoader(shared_ptr<Console> console, RandomGenerator &keyGenerator, const SCryptSettings &scryptSettings, function<string()> askPasswordForExistingFilesystem, function<string()> askPasswordForNewFilesystem, const optional<string> &cipherFromCommandLine, const boost::optional<uint32_t> &blocksizeBytesFromCommandLine, const boost::optional<bool> &missingBlockIsIntegrityViolationFromCommandLine, bool noninteractive)
     : _console(console), _creator(console, keyGenerator, noninteractive), _scryptSettings(scryptSettings),
       _askPasswordForExistingFilesystem(askPasswordForExistingFilesystem), _askPasswordForNewFilesystem(askPasswordForNewFilesystem),
-      _cipherFromCommandLine(cipherFromCommandLine), _blocksizeBytesFromCommandLine(blocksizeBytesFromCommandLine) {
+      _cipherFromCommandLine(cipherFromCommandLine), _blocksizeBytesFromCommandLine(blocksizeBytesFromCommandLine),
+      _missingBlockIsIntegrityViolationFromCommandLine(missingBlockIsIntegrityViolationFromCommandLine) {
 }
 
 optional<CryConfigLoader::ConfigLoadResult> CryConfigLoader::_loadConfig(const bf::path &filename) {
@@ -58,6 +59,7 @@ optional<CryConfigLoader::ConfigLoadResult> CryConfigLoader::_loadConfig(const b
   }
   _checkCipher(*config->config());
   uint32_t myClientId = MyClientId(LocalStateDir::forFilesystemId(config->config()->FilesystemId())).loadOrGenerate();
+  _checkMissingBlocksAreIntegrityViolations(&*config, myClientId);
   return ConfigLoadResult {std::move(*config), myClientId};
 }
 
@@ -80,6 +82,25 @@ void CryConfigLoader::_checkCipher(const CryConfig &config) const {
   }
 }
 
+void CryConfigLoader::_checkMissingBlocksAreIntegrityViolations(CryConfigFile *configFile, uint32_t myClientId) {
+  if (_missingBlockIsIntegrityViolationFromCommandLine == optional<bool>(true) && configFile->config()->ExclusiveClientId() == none) {
+    throw std::runtime_error("You specified on the command line to treat missing blocks as integrity violations, but the file system is not setup to do that.");
+  }
+  if (_missingBlockIsIntegrityViolationFromCommandLine == optional<bool>(false) && configFile->config()->ExclusiveClientId() != none) {
+    throw std::runtime_error("You specified on the command line to not treat missing blocks as integrity violations, but the file system is setup to do that.");
+  }
+
+  // If the file system is set up to treat missing blocks as integrity violations, but we're accessing from a different client, ask whether they want to disable the feature.
+  auto exclusiveClientId = configFile->config()->ExclusiveClientId();
+  if (exclusiveClientId != none && *exclusiveClientId != myClientId) {
+    if (!_console->askYesNo("\nThis filesystem is setup to treat missing blocks as integrity violations and therefore only works in single-client mode. You are trying to access it from a different client.\nDo you want to disable this integrity feature and stop treating missing blocks as integrity violations?\nChoosing yes will not affect the confidentiality of your data, but in future you might not notice if an attacker deletes one of your files.")) {
+      throw std::runtime_error("File system is in single-client mode and can only be used from the client that created it.");
+    }
+    configFile->config()->SetExclusiveClientId(none);
+    configFile->save();
+  }
+}
+
 optional<CryConfigLoader::ConfigLoadResult> CryConfigLoader::loadOrCreate(const bf::path &filename) {
   if (bf::exists(filename)) {
     return _loadConfig(filename);
@@ -89,7 +110,7 @@ optional<CryConfigLoader::ConfigLoadResult> CryConfigLoader::loadOrCreate(const
 }
 
 CryConfigLoader::ConfigLoadResult CryConfigLoader::_createConfig(const bf::path &filename) {
-  auto config = _creator.create(_cipherFromCommandLine, _blocksizeBytesFromCommandLine);
+  auto config = _creator.create(_cipherFromCommandLine, _blocksizeBytesFromCommandLine, _missingBlockIsIntegrityViolationFromCommandLine);
   //TODO Ask confirmation if using insecure password (<8 characters)
   string password = _askPasswordForNewFilesystem();
   std::cout << "Creating config file (this can take some time)..." << std::flush;
diff --git a/src/cryfs/config/CryConfigLoader.h b/src/cryfs/config/CryConfigLoader.h
index 5515e625..340bdcf9 100644
--- a/src/cryfs/config/CryConfigLoader.h
+++ b/src/cryfs/config/CryConfigLoader.h
@@ -13,7 +13,7 @@ namespace cryfs {
 
 class CryConfigLoader final {
 public:
-  CryConfigLoader(std::shared_ptr<cpputils::Console> console, cpputils::RandomGenerator &keyGenerator, const cpputils::SCryptSettings &scryptSettings, std::function<std::string()> askPasswordForExistingFilesystem, std::function<std::string()> askPasswordForNewFilesystem, const boost::optional<std::string> &cipherFromCommandLine, const boost::optional<uint32_t> &blocksizeBytesFromCommandLine, bool noninteractive);
+  CryConfigLoader(std::shared_ptr<cpputils::Console> console, cpputils::RandomGenerator &keyGenerator, const cpputils::SCryptSettings &scryptSettings, std::function<std::string()> askPasswordForExistingFilesystem, std::function<std::string()> askPasswordForNewFilesystem, const boost::optional<std::string> &cipherFromCommandLine, const boost::optional<uint32_t> &blocksizeBytesFromCommandLine, const boost::optional<bool> &missingBlockIsIntegrityViolationFromCommandLine, bool noninteractive);
   CryConfigLoader(CryConfigLoader &&rhs) = default;
 
   struct ConfigLoadResult {
@@ -28,6 +28,7 @@ private:
     ConfigLoadResult _createConfig(const boost::filesystem::path &filename);
     void _checkVersion(const CryConfig &config);
     void _checkCipher(const CryConfig &config) const;
+    void _checkMissingBlocksAreIntegrityViolations(CryConfigFile *configFile, uint32_t myClientId);
 
     std::shared_ptr<cpputils::Console> _console;
     CryConfigCreator _creator;
@@ -36,6 +37,7 @@ private:
     std::function<std::string()> _askPasswordForNewFilesystem;
     boost::optional<std::string> _cipherFromCommandLine;
     boost::optional<uint32_t> _blocksizeBytesFromCommandLine;
+    boost::optional<bool> _missingBlockIsIntegrityViolationFromCommandLine;
 
     DISALLOW_COPY_AND_ASSIGN(CryConfigLoader);
 };
diff --git a/src/cryfs/config/crypto/inner/ConcreteInnerEncryptor.h b/src/cryfs/config/crypto/inner/ConcreteInnerEncryptor.h
index 3f1c6e19..190266aa 100644
--- a/src/cryfs/config/crypto/inner/ConcreteInnerEncryptor.h
+++ b/src/cryfs/config/crypto/inner/ConcreteInnerEncryptor.h
@@ -11,7 +11,7 @@ namespace cryfs {
     template<class Cipher>
     class ConcreteInnerEncryptor final: public InnerEncryptor {
     public:
-        static constexpr size_t CONFIG_SIZE = 512;  // Inner config data is grown to this size before encryption to hide its actual size
+        static constexpr size_t CONFIG_SIZE = 900;  // Inner config data is grown to this size before encryption to hide its actual size
 
         ConcreteInnerEncryptor(typename Cipher::EncryptionKey key);
 
diff --git a/test/cryfs/config/CryConfigConsoleTest.cpp b/test/cryfs/config/CryConfigConsoleTest.cpp
index 4a8be8d8..7746b0c7 100644
--- a/test/cryfs/config/CryConfigConsoleTest.cpp
+++ b/test/cryfs/config/CryConfigConsoleTest.cpp
@@ -46,6 +46,10 @@ class CryConfigConsoleTest_Cipher: public CryConfigConsoleTest {};
   EXPECT_CALL(*console, askYesNo("Use default settings?")).Times(1).WillOnce(Return(false));                           \
   EXPECT_CALL(*console, ask(HasSubstr("block size"), _)).Times(1)
 
+#define EXPECT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION()                                                                                     \
+  EXPECT_CALL(*console, askYesNo("Use default settings?")).Times(1).WillOnce(Return(false));                           \
+  EXPECT_CALL(*console, askYesNo(HasSubstr("missing block"))).Times(1)
+
 TEST_F(CryConfigConsoleTest_Cipher, AsksForCipher) {
     EXPECT_ASK_FOR_CIPHER().WillOnce(ChooseAnyCipher());
     cryconsole.askCipher();
@@ -70,6 +74,11 @@ TEST_F(CryConfigConsoleTest_Cipher, AsksForBlocksize) {
     cryconsole.askBlocksizeBytes();
 }
 
+TEST_F(CryConfigConsoleTest_Cipher, AsksForMissingBlockIsIntegrityViolation) {
+    EXPECT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION().WillOnce(Return(true));
+    cryconsole.askMissingBlockIsIntegrityViolation();
+}
+
 TEST_F(CryConfigConsoleTest_Cipher, ChooseDefaultBlocksizeWhenNoninteractiveEnvironment) {
     EXPECT_CALL(*console, askYesNo(HasSubstr("default"))).Times(0);
     EXPECT_CALL(*console, ask(HasSubstr("block size"), _)).Times(0);
diff --git a/test/cryfs/config/CryConfigCreatorTest.cpp b/test/cryfs/config/CryConfigCreatorTest.cpp
index 214a6251..4b0963e8 100644
--- a/test/cryfs/config/CryConfigCreatorTest.cpp
+++ b/test/cryfs/config/CryConfigCreatorTest.cpp
@@ -37,6 +37,12 @@ using ::testing::WithParamInterface;
   EXPECT_CALL(*console, ask(HasSubstr("block size"), _)).Times(1)
 #define EXPECT_DOES_NOT_ASK_FOR_BLOCKSIZE()                                                                            \
   EXPECT_CALL(*console, ask(HasSubstr("block size"), _)).Times(0)
+#define EXPECT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION()                                                              \
+  EXPECT_CALL(*console, askYesNo(HasSubstr("missing block"))).Times(1)
+#define EXPECT_DOES_NOT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION()                                                     \
+  EXPECT_CALL(*console, askYesNo(HasSubstr("missing block"))).Times(0)
+#define IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION()                                                              \
+  EXPECT_CALL(*console, askYesNo(HasSubstr("missing block")))
 
 class CryConfigCreatorTest: public ::testing::Test {
 public:
@@ -62,92 +68,130 @@ public:
 
 TEST_F(CryConfigCreatorTest, DoesAskForCipherIfNotSpecified) {
     AnswerNoToDefaultSettings();
+    IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
     EXPECT_ASK_FOR_CIPHER().WillOnce(ChooseAnyCipher());
-    CryConfig config = creator.create(none, none).config;
+    CryConfig config = creator.create(none, none, none).config;
 }
 
 TEST_F(CryConfigCreatorTest, DoesNotAskForCipherIfSpecified) {
     AnswerNoToDefaultSettings();
+    IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
     EXPECT_DOES_NOT_ASK_FOR_CIPHER();
-    CryConfig config = creator.create(string("aes-256-gcm"), none).config;
+    CryConfig config = creator.create(string("aes-256-gcm"), none, none).config;
 }
 
 TEST_F(CryConfigCreatorTest, DoesNotAskForCipherIfUsingDefaultSettings) {
     AnswerYesToDefaultSettings();
     EXPECT_DOES_NOT_ASK_FOR_CIPHER();
-    CryConfig config = creator.create(none, none).config;
+    CryConfig config = creator.create(none, none, none).config;
 }
 
 TEST_F(CryConfigCreatorTest, DoesNotAskForCipherIfNoninteractive) {
     EXPECT_DOES_NOT_ASK_TO_USE_DEFAULT_SETTINGS();
     EXPECT_DOES_NOT_ASK_FOR_CIPHER();
-    CryConfig config = noninteractiveCreator.create(none, none).config;
+    CryConfig config = noninteractiveCreator.create(none, none, none).config;
 }
 
 TEST_F(CryConfigCreatorTest, DoesAskForBlocksizeIfNotSpecified) {
     AnswerNoToDefaultSettings();
+    IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
     EXPECT_ASK_FOR_BLOCKSIZE().WillOnce(Return(1));
-    CryConfig config = creator.create(none, none).config;
+    CryConfig config = creator.create(none, none, none).config;
 }
 
 TEST_F(CryConfigCreatorTest, DoesNotAskForBlocksizeIfSpecified) {
     AnswerNoToDefaultSettings();
+    IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
     EXPECT_DOES_NOT_ASK_FOR_BLOCKSIZE();
-    CryConfig config = creator.create(none, 10*1024u).config;
+    CryConfig config = creator.create(none, 10*1024u, none).config;
 }
 
 TEST_F(CryConfigCreatorTest, DoesNotAskForBlocksizeIfNoninteractive) {
     EXPECT_DOES_NOT_ASK_TO_USE_DEFAULT_SETTINGS();
     EXPECT_DOES_NOT_ASK_FOR_BLOCKSIZE();
-    CryConfig config = noninteractiveCreator.create(none, none).config;
+    CryConfig config = noninteractiveCreator.create(none, none, none).config;
 }
 
 TEST_F(CryConfigCreatorTest, DoesNotAskForBlocksizeIfUsingDefaultSettings) {
     AnswerYesToDefaultSettings();
     EXPECT_DOES_NOT_ASK_FOR_BLOCKSIZE();
-    CryConfig config = creator.create(none, none).config;
+    CryConfig config = creator.create(none, none, none).config;
+}
+
+TEST_F(CryConfigCreatorTest, DoesAskWhetherMissingBlocksAreIntegrityViolationsIfNotSpecified) {
+    AnswerNoToDefaultSettings();
+    EXPECT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION().WillOnce(Return(true));
+    CryConfig config = creator.create(none, none, none).config;
+}
+
+TEST_F(CryConfigCreatorTest, DoesNotAskWhetherMissingBlocksAreIntegrityViolationsIfSpecified_True) {
+    AnswerNoToDefaultSettings();
+    EXPECT_DOES_NOT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
+    CryConfig config = creator.create(none, none, true).config;
+}
+
+TEST_F(CryConfigCreatorTest, DoesNotAskWhetherMissingBlocksAreIntegrityViolationsIfSpecified_False) {
+    AnswerNoToDefaultSettings();
+    EXPECT_DOES_NOT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
+    CryConfig config = creator.create(none, none, false).config;
+}
+
+TEST_F(CryConfigCreatorTest, DoesNotAskWhetherMissingBlocksAreIntegrityViolationsIfNoninteractive) {
+    EXPECT_DOES_NOT_ASK_TO_USE_DEFAULT_SETTINGS();
+    EXPECT_DOES_NOT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
+    CryConfig config = noninteractiveCreator.create(none, none, none).config;
+}
+
+TEST_F(CryConfigCreatorTest, DoesNotAskWhetherMissingBlocksAreIntegrityViolationsIfUsingDefaultSettings) {
+    AnswerYesToDefaultSettings();
+    EXPECT_DOES_NOT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
+    CryConfig config = creator.create(none, none, none).config;
 }
 
 TEST_F(CryConfigCreatorTest, ChoosesEmptyRootBlobId) {
     AnswerNoToDefaultSettings();
-    CryConfig config = creator.create(none, none).config;
+    IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
+    CryConfig config = creator.create(none, none, none).config;
     EXPECT_EQ("", config.RootBlob()); // This tells CryFS to create a new root blob
 }
 
 TEST_F(CryConfigCreatorTest, ChoosesValidEncryptionKey_448) {
     AnswerNoToDefaultSettings();
+    IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
     EXPECT_ASK_FOR_CIPHER().WillOnce(ChooseCipher("mars-448-gcm"));
-    CryConfig config = creator.create(none, none).config;
+    CryConfig config = creator.create(none, none, none).config;
     cpputils::Mars448_GCM::EncryptionKey::FromString(config.EncryptionKey()); // This crashes if invalid
 }
 
 TEST_F(CryConfigCreatorTest, ChoosesValidEncryptionKey_256) {
     AnswerNoToDefaultSettings();
+    IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
     EXPECT_ASK_FOR_CIPHER().WillOnce(ChooseCipher("aes-256-gcm"));
-    CryConfig config = creator.create(none, none).config;
+    CryConfig config = creator.create(none, none, none).config;
     cpputils::AES256_GCM::EncryptionKey::FromString(config.EncryptionKey()); // This crashes if invalid
 }
 
 TEST_F(CryConfigCreatorTest, ChoosesValidEncryptionKey_128) {
     AnswerNoToDefaultSettings();
+    IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
     EXPECT_ASK_FOR_CIPHER().WillOnce(ChooseCipher("aes-128-gcm"));
-    CryConfig config = creator.create(none, none).config;
+    CryConfig config = creator.create(none, none, none).config;
     cpputils::AES128_GCM::EncryptionKey::FromString(config.EncryptionKey()); // This crashes if invalid
 }
 
 TEST_F(CryConfigCreatorTest, DoesNotAskForAnythingIfEverythingIsSpecified) {
     EXPECT_DOES_NOT_ASK_TO_USE_DEFAULT_SETTINGS();
     EXPECT_DOES_NOT_ASK_FOR_CIPHER();
-    CryConfig config = noninteractiveCreator.create(string("aes-256-gcm"), 10*1024u).config;
+    CryConfig config = noninteractiveCreator.create(string("aes-256-gcm"), 10*1024u, none).config;
 }
 
 TEST_F(CryConfigCreatorTest, SetsCorrectCreatedWithVersion) {
-    CryConfig config = noninteractiveCreator.create(none, none).config;
+    CryConfig config = noninteractiveCreator.create(none, none, none).config;
     EXPECT_EQ(gitversion::VersionString(), config.CreatedWithVersion());
 }
 
 TEST_F(CryConfigCreatorTest, SetsCorrectVersion) {
-    CryConfig config = noninteractiveCreator.create(none, none).config;
+    CryConfig config = noninteractiveCreator.create(none, none, none).config;
     EXPECT_EQ(gitversion::VersionString(), config.Version());
 }
 
diff --git a/test/cryfs/config/CryConfigLoaderTest.cpp b/test/cryfs/config/CryConfigLoaderTest.cpp
index 53361bae..c4064236 100644
--- a/test/cryfs/config/CryConfigLoaderTest.cpp
+++ b/test/cryfs/config/CryConfigLoaderTest.cpp
@@ -39,7 +39,7 @@ public:
 
     CryConfigLoader loader(const string &password, bool noninteractive, const optional<string> &cipher = none) {
         auto askPassword = [password] { return password;};
-        return CryConfigLoader(console, cpputils::Random::PseudoRandom(), SCrypt::TestSettings, askPassword, askPassword, cipher, none, noninteractive);
+        return CryConfigLoader(console, cpputils::Random::PseudoRandom(), SCrypt::TestSettings, askPassword, askPassword, cipher, none, none, noninteractive);
     }
 
     CryConfigFile Create(const string &password = "mypassword", const optional<string> &cipher = none, bool noninteractive = false) {
diff --git a/test/cryfs/filesystem/CryFsTest.cpp b/test/cryfs/filesystem/CryFsTest.cpp
index ef71705f..fa12d840 100644
--- a/test/cryfs/filesystem/CryFsTest.cpp
+++ b/test/cryfs/filesystem/CryFsTest.cpp
@@ -40,7 +40,7 @@ public:
 
   CryConfigFile loadOrCreateConfig() {
     auto askPassword = [] {return "mypassword";};
-    return CryConfigLoader(mockConsole(), Random::PseudoRandom(), SCrypt::TestSettings, askPassword, askPassword, none, none, true).loadOrCreate(config.path()).value().configFile;
+    return CryConfigLoader(mockConsole(), Random::PseudoRandom(), SCrypt::TestSettings, askPassword, askPassword, none, none, none, true).loadOrCreate(config.path()).value().configFile;
   }
 
   unique_ref<OnDiskBlockStore> blockStore() {
diff --git a/test/cryfs/filesystem/FileSystemTest.cpp b/test/cryfs/filesystem/FileSystemTest.cpp
index 358308d6..fbc094d6 100644
--- a/test/cryfs/filesystem/FileSystemTest.cpp
+++ b/test/cryfs/filesystem/FileSystemTest.cpp
@@ -29,7 +29,7 @@ public:
   unique_ref<Device> createDevice() override {
     auto blockStore = cpputils::make_unique_ref<FakeBlockStore>();
     auto askPassword = [] {return "mypassword";};
-    auto config = CryConfigLoader(mockConsole(), Random::PseudoRandom(), SCrypt::TestSettings, askPassword, askPassword, none, none, true)
+    auto config = CryConfigLoader(mockConsole(), Random::PseudoRandom(), SCrypt::TestSettings, askPassword, askPassword, none, none, none, true)
             .loadOrCreate(configFile.path()).value();
     return make_unique_ref<CryDevice>(std::move(config.configFile), std::move(blockStore), config.myClientId);
   }