Re: Checksum and transform layering

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Nov 6, 2008 at 10:27 AM, Xavier Nicollet <nicollet@xxxxxxxx> wrote:> Le 06 novembre 2008 à 09:58, Gregory Maxwell a écrit:>> The latter would need to be a probably need to be a secret-keyed HMAC>> to prevent watermarking attacks and information leakage, [...]>> Dm-crypt on every disks seems a good alternative, doesn't it ?> You would use dm-crypt for your swap anyway.>> Did I miss something ?
Dmcrypt is fine but a rather blunt tool: It's all or nothing, and onlya single key.  It also can not store a unique nonce per block update,which may create some (theoretical) security weaknesses.  The wholething will need to be mounted with keys in memory even when you onlycare about a few files. (so someone who gains access to the systemcould access high security files even if the system was just beingused for web-browsing at the time)
With a more intelligent you could have per-subvolume keying, or evenbetter per-file allowing the encrypted filesystem to contain a mix offiles with differing security classes.
Take a look at http://ecryptfs.sourceforge.net/ for an example of amore-sophisticated filesystem encryption feature set.
At the least I think it would be useful if btrfs provided dmcryptfunctionality per subvolume, though full ecryptfs level functionalitywould be quite interesting.��.n��������+%������w��{.n�����{����n�r������&��z�ޗ�zf���h���~����������_��+v���)ߣ�m
[Index of Archives]     [Linux Filesystem Development]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux