From: "Gregory Maxwell" <gmaxwell@gmail.com>
To: "Florian Weimer" <fweimer@bfk.de>
Cc: linux-btrfs@vger.kernel.org
Subject: Re: Checksum and transform layering
Date: Thu, 6 Nov 2008 11:42:36 -0500 [thread overview]
Message-ID: <e692861c0811060842h5ca74e21t799f8321f4fe36c3@mail.gmail.com> (raw)
In-Reply-To: <82ej1oiznq.fsf@mid.bfk.de>
On Thu, Nov 6, 2008 at 11:31 AM, Florian Weimer <fweimer@bfk.de> wrote:
> * Gregory Maxwell:
>
>> I noticed in the compression support that the checksum is over the
>> uncompressed data.
>>
>> While this has the advantages that the checksum does not have to be
>> changed as transformations are changed and the system might catch
>> errors in the compression layer, this design decision will be
>> problematic if/when encryption is supported: Plaintext checksums
>> would leak substantial amounts of information about the content of
>> files.
>
> Would this be an issue if metadata (including file names) were
> encrypted as well?
If the checksum is encrypted, no, at least not obviously. But as I've
mentioned if the checksum is encrypted then you can't scrub the FS for
checksum errors without the keys.
A lack of metadata encryption would be another possible information
leak, but at least it's one which can probably be understood by users.
It would be nice if subvolume level encryption provided metadata
encryption. If metadata is encrypted but block checksums are
unencrypted and on plaintext then information will leak about the
files, even if the checksum is replaced with an unkeyed or
non-secret-keyed cryptographic hash, a secret-keyed hash is equivalent
to an encrypted checksum.
next prev parent reply other threads:[~2008-11-06 16:42 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-06 6:34 Checksum and transform layering Gregory Maxwell
2008-11-06 12:15 ` Claudio Martins
2008-11-06 17:49 ` Tracy Reed
2008-11-06 16:31 ` Florian Weimer
2008-11-06 16:42 ` Gregory Maxwell [this message]
[not found] ` <1225982445.15281.15.camel@think.oraclecorp.com>
2008-11-06 14:58 ` Gregory Maxwell
2008-11-06 15:27 ` Xavier Nicollet
2008-11-06 15:43 ` Gregory Maxwell
2008-12-09 0:23 ` Chris Mason
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e692861c0811060842h5ca74e21t799f8321f4fe36c3@mail.gmail.com \
--to=gmaxwell@gmail.com \
--cc=fweimer@bfk.de \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox