Re: partially encrypted filesystem
From: Phillip Lougher
Date: Thu Dec 04 2003 - 13:24:52 EST
Jörn Engel wrote:
So - as sick as it sounds - jffs2 may actually be the fs of choice
when doing encryption, even though working on a hard drive and not
flash. Cool. :)
Considering that Jffs2 is the only writeable compressed filesystem, yes.
What should be borne in mind is compressed filesystems never expect
the data after compression to be bigger than the original data. In the
case where the compressed data is bigger, the original data is used
instead, which is hardy ideal for an encrypted filesystem, and so more
than a direct substitution of compression function for encrypt function
is needed - this is of course only relevant if the encryption algorithm
used could return more data...
Depends on how much security you really care about. If you really
don't mind the pain involved, some metadata should explicitly *not* be
encrypted, to avoid known plaintext attacks. To a serious attacker,
this could be a death stroke for ext over cryptoloop, actually.
You're assuming the metadata (inodes, indexes and directory entries),
are encrypted with the same key, and therefore decrypting the directory
data using plaintext attacks will give the attacker the key to the
entire metadata? There is nothing preventing the directory data being
encrypted separately with a different key, and therefore a plaintext
attack would get nothing more than the directory information.
As you say, you highlight a drawback with cryptoloop and cloop, because
they cannot distinquish between different types of data. This sort of
thing should always be done at the fs level rather than the block level...
In real life, though, the humans are usually the weakest link, so this
doesn't matter anyway.
Hmmm, why not give give up completely then?
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/