My cryptfs is a stackable file system which mounts over any existing
directory. No keys are stored on disk, and the underlying file system
(ext2, nfs, whatever you want) does NOT change at all. Therefore, you use
normal fsck and other utilities, w/o fear of corruption. You do your backup
on the lower-level (ciphertext) directories, which is (1) faster b/c you
don't need to decrypt and (2) safer b/c the backup operator doesn't need to
decrypt the data.

The cost of this stacking is 5-7% over the lower-level (stacked-on) file
system. This cost is well worth it IMHO, esp. given that crypto algorithms
cost much more than that.

You can get software and several papers on the subject from
http://www.cs.columbia.edu/~ezk/research/
http://www.cs.columbia.edu/~ezk/research/software/
--
Erez Zadok. Columbia University Department of Computer Science.
EMail: ezk@cs.columbia.edu Web: http://www.cs.columbia.edu/~ezk