Re: partially encrypted filesystem

From: Phillip Lougher
Date: Thu Dec 04 2003 - 13:24:52 EST

Jörn Engel wrote:

So - as sick as it sounds - jffs2 may actually be the fs of choice
when doing encryption, even though working on a hard drive and not
flash. Cool. :)

Considering that Jffs2 is the only writeable compressed filesystem, yes. What should be borne in mind is compressed filesystems never expect the data after compression to be bigger than the original data. In the case where the compressed data is bigger, the original data is used instead, which is hardy ideal for an encrypted filesystem, and so more than a direct substitution of compression function for encrypt function is needed - this is of course only relevant if the encryption algorithm used could return more data...

Depends on how much security you really care about. If you really
don't mind the pain involved, some metadata should explicitly *not* be
encrypted, to avoid known plaintext attacks. To a serious attacker,
this could be a death stroke for ext[23] over cryptoloop, actually.

You're assuming the metadata (inodes, indexes and directory entries), are encrypted with the same key, and therefore decrypting the directory data using plaintext attacks will give the attacker the key to the entire metadata? There is nothing preventing the directory data being encrypted separately with a different key, and therefore a plaintext attack would get nothing more than the directory information.

As you say, you highlight a drawback with cryptoloop and cloop, because they cannot distinquish between different types of data. This sort of thing should always be done at the fs level rather than the block level...

In real life, though, the humans are usually the weakest link, so this
doesn't matter anyway.

Hmmm, why not give give up completely then?


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at