On Thursday 06 November 2008, Gregory Maxwell wrote: > > While this has the advantages that the checksum does not have to be > changed as transformations are changed and the system might catch > errors in the compression layer, this design decision will be > problematic if/when encryption is supported: Plaintext checksums > would leak substantial amounts of information about the content of > files. The system could be switched to a keyed cryptographic hash, Indeed. The most obvious (and quite trivial) attack one can do is build a huge database of checksums for known files or chunks of files. AFAIK this has already been done by law enforcement/security agencies to detect "illegal" files, so it's definitely an issue that would affect any future encryption code implemented in btrfs. Regards Cláudio -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
