Re: eCryptfs Design Document

From: James Morris
Date: Fri Mar 24 2006 - 18:09:58 EST

Next message: john stultz: "Re: [PATCH]"
Previous message: Linas Vepstas: "[PATCH] powerpc/pseries: Cleanup device name printing."
In reply to: Michael Halcrow: "eCryptfs Design Document"
Next in thread: Michael Thompson: "Re: eCryptfs Design Document"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 24 Mar 2006, Michael Halcrow wrote:

> initialization vector by taking the MD5 sum of the file encryption
> key; the root IV is the first N bytes of that MD5 sum, where N is the
> number of bytes constituting an initialization vector for the cipher
> being used for the file (it is worth noting that known plaintext
> attacks against the MD5 hash algorithm do not affect the security of
> eCryptfs, since eCryptfs only hashes secret values).

What about other attacks on MD5? Hard coding it into the system makes me
nervous, what about making this selectable?

> By default, eCryptfs selects AES-128. Later versions of eCryptfs will
> allow the user to select the cipher and key length.

Also, what about making the encryption mode selectable, to at least allow
for like LRW support in addition to CBC?

- James
--
James Morris
<jmorris@xxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: john stultz: "Re: [PATCH]"
Previous message: Linas Vepstas: "[PATCH] powerpc/pseries: Cleanup device name printing."
In reply to: Michael Halcrow: "eCryptfs Design Document"
Next in thread: Michael Thompson: "Re: eCryptfs Design Document"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]