From: davidsen@tmr.com (bill davidsen)
To: linux-kernel@vger.kernel.org
Subject: Re: partially encrypted filesystem
Date: 3 Dec 2003 23:20:24 GMT [thread overview]
Message-ID: <bqlr3o$khe$1@gatekeeper.tmr.com> (raw)
In-Reply-To: Pine.LNX.4.53.0312031627440.3725@chaos
In article <Pine.LNX.4.53.0312031627440.3725@chaos>,
Richard B. Johnson <root@chaos.analogic.com> wrote:
| On Wed, 3 Dec 2003, Kallol Biswas wrote:
|
| >
| > Hello,
| > We have a requirement that a filesystem has to support
| > encryption based on some policy. The filesystem also should be able
| > to store data in non-encrypted form. A search on web shows a few
| > encrypted filesystems like "Crypto" from Suse Linux, but we need a
| > system where encryption will be a choice per file. We have a hardware
| > controller to apply encryption algorithm. If a filesystem provides hooks
| > to use a hardware controller to do the encryption work then the cpu can
| > be freed from doing the extra work.
| >
| > Any comment on this?
| >
| > Kallol
| > NucleoDyne Systems.
| > nucleon@nucleodyne.com
| > 408-718-8164
|
| I think you just need your application to encrypt data where needed.
| Or to read/write to an encrypted file-system which always encrypts.
| You really don't want policy inside the kernel.
|
| Let's say you decided to ignore me and do it anyway. The file-systems
| are a bunch of inodes. Every time you want to read or write one, something
| has to decide if it's encrypted and, if it is, how to encrypt or
| decrypt it. Even the length of the required read or write becomes
| dependent upon the type of encryption being used. Surely you don't
| want to use an algorithm where a N-byte string gets encoded into a
| N-byte string because to do so gives away the length, from which
| one can derive other aspects, resulting in discovering the true content.
| So, you need variable-length inodes --- what a mess. The result
| would be one of the slowest file-systems you could devise.
|
| Encrypted file-systems, where you encrypt everything that goes
| on the media work. Making something that could be either/or,
| while possible, is not likely going to be very satisfying.
Well said. This isn't the way to do it as you say, although you could
add an O_CRYPTO flag to creat() if you really wanted to.
Crypto in the program is definitely the better solution.
--
bill davidsen <davidsen@tmr.com>
CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.
next prev parent reply other threads:[~2003-12-03 23:31 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-12-03 21:07 partially encrypted filesystem Kallol Biswas
2003-12-03 21:44 ` Richard B. Johnson
2003-12-03 23:20 ` bill davidsen [this message]
2003-12-03 21:44 ` Jörn Engel
2003-12-03 21:44 ` Jörn Engel
2003-12-04 0:08 ` Linus Torvalds
2003-12-04 1:25 ` Jeff Garzik
2003-12-04 2:08 ` Linus Torvalds
2003-12-04 3:59 ` H. Peter Anvin
2003-12-04 2:37 ` Charles Manning
2003-12-04 14:17 ` Jörn Engel
2003-12-04 15:20 ` Linus Torvalds
2003-12-04 16:07 ` Phillip Lougher
2003-12-04 17:26 ` Jörn Engel
2003-12-04 17:26 ` Jörn Engel
2003-12-04 18:20 ` Phillip Lougher
2003-12-04 18:40 ` Jörn Engel
2003-12-04 19:41 ` Erez Zadok
2003-12-05 11:20 ` Jörn Engel
2003-12-05 16:16 ` Erez Zadok
2003-12-05 19:14 ` Matthew Wilcox
2003-12-05 19:47 ` Erez Zadok
2003-12-05 20:28 ` Matthew Wilcox
2003-12-05 21:38 ` Pat LaVarre
2003-12-06 0:15 ` Maciej Zenczykowski
2003-12-06 1:35 ` Pat LaVarre
2003-12-06 2:39 ` Valdis.Kletnieks
2003-12-06 11:43 ` Maciej Zenczykowski
2003-12-07 0:04 ` Shaya Potter
2003-12-08 14:08 ` Jörn Engel
2003-12-06 0:50 ` Phillip Lougher
2003-12-08 11:37 ` David Woodhouse
2003-12-08 11:37 ` David Woodhouse
2003-12-08 13:44 ` phillip
2003-12-08 14:07 ` David Woodhouse
2003-12-10 1:16 ` [OT?]Re: " Charles Manning
2003-12-10 17:45 ` Phillip Lougher
2003-12-09 23:40 ` Pat LaVarre
2003-12-10 0:07 ` Pavel Machek
2003-12-10 1:28 ` Pat LaVarre
2003-12-10 2:13 ` Charles Manning
2003-12-05 19:58 ` Pat LaVarre
2003-12-08 11:28 ` David Woodhouse
2003-12-08 13:49 ` phillip
2003-12-04 19:18 ` David Wagner
2003-12-05 13:02 ` Jörn Engel
2003-12-05 17:28 ` Frank v Waveren
2003-12-05 23:59 ` David Wagner
2003-12-19 15:01 ` Rik van Riel
2003-12-04 3:10 ` Valdis.Kletnieks
2003-12-04 18:16 ` Hans Reiser
-- strict thread matches above, loose matches on Subject: below --
2003-12-06 19:56 Pat LaVarre
2003-12-06 22:07 ` Maciej Zenczykowski
2003-12-10 3:22 Valient Gough
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='bqlr3o$khe$1@gatekeeper.tmr.com' \
--to=davidsen@tmr.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.