Re: eCryptfs Design Document

["Michael Thompson" <michael.craig.thompson@gmail.com>]

On 3/24/06, James Morris <jmorris@namei.org> wrote:
> On Fri, 24 Mar 2006, Michael Halcrow wrote:
>
> > initialization vector by taking the MD5 sum of the file encryption
> > key; the root IV is the first N bytes of that MD5 sum, where N is the
> > number of bytes constituting an initialization vector for the cipher
> > being used for the file (it is worth noting that known plaintext
> > attacks against the MD5 hash algorithm do not affect the security of
> > eCryptfs, since eCryptfs only hashes secret values).
>
> What about other attacks on MD5?  Hard coding it into the system makes me
> nervous, what about making this selectable?
>
> > By default, eCryptfs selects AES-128. Later versions of eCryptfs will
> > allow the user to select the cipher and key length.
>
> Also, what about making the encryption mode selectable, to at least allow
> for like LRW support in addition to CBC?

These are part of the eCryptfs roadmap. I'm not sure when we are
planning to incorperate the functionality to select your hash and
cipher (I believe its 0.2 or 0.3), but we have experimented with this
and have had success doing so. The code is not included in 0.1 due to
lack of testing and conflict with our mental model of the releases.

Should this functionality be high desired / required, I see no reason
why it can't be added, but Mike Halcrow and Phillip need to weight in
on this too :)

--
Michael C. Thompson <mcthomps@us.ibm.com>
Software-Engineer, IBM LTC Security