From: Juan Quintela <quintela@mandrakesoft.com>
To: David Woodhouse <dwmw2@infradead.org>
Cc: Erik Mouw <J.A.K.Mouw@its.tudelft.nl>,
Rajaram Suresh Gaunker <rajarams1@rediffmail.com>,
linux-fsdevel@vger.kernel.org, kernelnewbies@nl.linux.org
Subject: Re: Hi
Date: Wed, 19 Feb 2003 16:37:13 +0100 [thread overview]
Message-ID: <8665rguvrq.fsf@trasno.mitica> (raw)
In-Reply-To: <1045668167.19863.27.camel@passion.cambridge.redhat.com> (David Woodhouse's message of "19 Feb 2003 15:22:48 +0000")
>>>>> "david" == David Woodhouse <dwmw2@infradead.org> writes:
david> On Wed, 2003-02-19 at 14:54, Juan Quintela wrote (re encryption):
>> If you do it at the filesystem layer you:
>> a- leave the filesystem structure (i.e. names) unencrypted
david> Why would you want to do that? It's not really an invariant property of
david> encryption-capable file systems, surely? You can crypt the names if you
david> want to.
Some paranoid security person, don't want an attacker to know what
file to atack :p
I.e. that the attacker is able to read a name like:
here_is_where_we_store_security_passworkds.txt
And they have the same problem for only giving them the filesystem
structure :(
>> b- you just don't care if you are not able to recover things at fsck
>> time :(
david> Likewise. It might be decreed that file sizes and directory tree
david> structure are an acceptable leak of information and hence you can have a
david> fsck which just doesn't grok either filenames, permissions or data -- or
david> you might decide that's not an acceptable leak, and require the key in
david> order to fsck it. You need the key in order to fsck a file system on an
david> encrypted block device _anyway_, right?
Yep, problem is that you have a corrupted filesystem, you know the
key, but you don't know what kind of information has this block. If
the block is encrypted, bets are basically off :( you can't apply
easily heuristics :( Was that blocked ever used, and then its value
is encrypted/have nothing interesting?
>> c- you are really clever and finds a way to encrypt all the filesystem
>> and recovering from a crash
david> Parse error.
>> Apart from that, doing it at the block layer should be much, much
>> easier :)
david> Filesystems are hard. Let's go shopping :)
david> Doing redundancy at the block layer is much much easier too. That
david> doesn't necessarily make it not suck when a raid rebuild is pointlessly
david> copying blocks which aren't actually _referenced_ by the file system,
david> because it doesn't have the knowledge about the layout that the file
david> system does.
I think that the only reason why encryption at the filesystem level
makes sense is when you want to only encrypt _some_ files, but at that
point, you can also encrypt by hand them with some script/similar :(
About that things are easier at the filesystem level than at the block
device, yes, they exist, another example is snapshots. Snapshots at
the block level are easy to do, they just use a lot of disk space. At
the filesystem level, they are more eficient (duplicated info is
minimal), but you need to be very, very careful to implement them at
the filesystem level. At the block level it is _almost_ trivial (at
least when you compare it with an implementation at the filesystem
level).
It just happens that from my point of view, encryption is a lot
easier and more secure done at the Block layer level.
Later, Juan.
--
In theory, practice and theory are the same, but in practice they
are different -- Larry McVoy
next prev parent reply other threads:[~2003-02-19 15:37 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-02-18 15:04 Hi Rajaram Suresh Gaunker
2003-02-18 16:34 ` Hi Erik Mouw
2003-02-18 23:07 ` Hi David Woodhouse
2003-02-19 14:54 ` Hi Juan Quintela
2003-02-19 15:22 ` Hi David Woodhouse
2003-02-19 15:37 ` Juan Quintela [this message]
2003-02-19 15:40 ` Hi Erik Mouw
2003-02-19 16:09 ` Hi Juan Quintela
2003-02-19 15:35 ` Hi Erik Mouw
2003-02-19 15:44 ` Hi David Woodhouse
2003-02-19 16:49 ` Hi Erik Mouw
2003-02-19 17:00 ` Hi Jan Harkes
2003-02-18 18:55 ` Hi Bryan Henderson
-- strict thread matches above, loose matches on Subject: below --
2022-06-15 21:59 Hi Emerald Johansson
2018-12-19 20:08 HI Mrs Suzara Maling Wan
2015-10-20 1:45 Hi Judith Guest
2015-06-14 2:09 Hi Patricia Horoho
2013-12-21 8:18 Hi 906sl5glxg
2013-07-12 8:21 hi voady4cool
2013-01-03 17:04 hi keketa vieira
2011-10-28 11:10 Hi lisa hedstrand
2011-09-23 13:16 hi Mrs. Xue Chong
2010-11-06 8:24 hi Gabriel kante
2010-06-14 20:34 HI Dora Saki
2006-02-23 15:26 hi Edmund P. Hilton, V
2006-02-18 4:57 hi Bobbie M. Hancock
2002-09-15 23:57 hi Bety Lora
2002-09-08 5:10 hi Matthew Stapleton
2002-09-08 11:39 ` hi Matti Aarnio
2002-09-07 20:30 hi Angel GrefurT
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8665rguvrq.fsf@trasno.mitica \
--to=quintela@mandrakesoft.com \
--cc=J.A.K.Mouw@its.tudelft.nl \
--cc=dwmw2@infradead.org \
--cc=kernelnewbies@nl.linux.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=rajarams1@rediffmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox