From: Ted Ts'o <tytso@mit.edu>
To: "Kasatkin, Dmitry" <dmitry.kasatkin@intel.com>
Cc: Andreas Dilger <adilger@dilger.ca>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>
Subject: Re: Ext4 data structures integrity
Date: Thu, 29 Sep 2011 09:55:35 -0400 [thread overview]
Message-ID: <20110929135535.GS19250@thunk.org> (raw)
In-Reply-To: <CALLzPKbDYv_WM13u2=Wp4oXP11wMZ7rN4+Qph-w2XzsK0Y2urg@mail.gmail.com>
On Thu, Sep 29, 2011 at 04:33:52PM +0300, Kasatkin, Dmitry wrote:
> >>
> >> There is work currently being done to add checksums for detecting filesystem corruption (see list archive). However, if the attacker can binary edit the underlying disk device then they can also edit the checksums (crc32c) at the same time.
> >>
> >> The only secure way to handle this would be a crypto checksum with a secret key.
> >
>
> Can you please give me some links to it????
Darrick Wong has been sending patches to the linux-ext4 mailing for
review to use crc32c to protect various parts of the file system
metadata.
There has been no work to the "crypto checksum with a secret key" bit;
the hard part is where you would securely store the secret key so that
only a trusted kernel has access to it.
- Ted
next prev parent reply other threads:[~2011-09-29 13:55 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-28 13:42 Ext4 data structures integrity Kasatkin, Dmitry
2011-09-28 13:56 ` Ted Ts'o
2011-09-28 15:19 ` Kasatkin, Dmitry
2011-09-28 15:45 ` Ted Ts'o
2011-09-29 12:24 ` Kasatkin, Dmitry
2011-09-29 12:56 ` Ted Ts'o
2011-09-29 13:32 ` Kasatkin, Dmitry
2011-09-28 17:16 ` Andreas Dilger
2011-09-29 12:31 ` Kasatkin, Dmitry
2011-09-29 13:33 ` Kasatkin, Dmitry
2011-09-29 13:55 ` Ted Ts'o [this message]
2011-10-07 11:40 ` Kasatkin, Dmitry
[not found] ` <64BEDF63-5861-47C9-AC90-F41768D09F17@mit.edu>
2011-10-07 14:20 ` Kasatkin, Dmitry
2011-10-07 15:22 ` Theodore Tso
2011-11-08 23:44 ` Mimi Zohar
2011-11-10 11:21 ` Kasatkin, Dmitry
2011-09-29 16:35 ` Andreas Dilger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110929135535.GS19250@thunk.org \
--to=tytso@mit.edu \
--cc=adilger@dilger.ca \
--cc=dmitry.kasatkin@intel.com \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).