Hi all,
I'm a cryptographer with an interest in encrypting stored data.
Mike had asked me to read the eCryptfs design and I can confirm the
security statements made there, and that the algorithm choices are
adequate. The current release does not support integrity protection, but
this feature is promised for the next release through a MAC.
I don't see the need for tweakable encryption modes (like LRW, CMC)
in the eCryptfs strategy because being a virtual file system, it can
afford to insert some extra space and is not bound to the block
boundaries like a block device, for which these were developed. And with
integrity protection coming in the next release, the little extra security
gained in the current release by the tweakable modes would be a wasted
effort.
cc
---
Christian Cachin email: [email protected]
IBM Zurich Research Laboratory tel: +41-44-724-8989
Saumerstrasse 4 / Postfach fax: +41-44-724-8953
CH-8803 Rueschlikon, Switzerland http://www.zurich.ibm.com/~cca
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
