From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Michael Thompson" <michael.craig.thompson@gmail.com>
Subject: Re: eCryptfs Design Document
Date: Mon, 27 Mar 2006 10:17:48 -0600
Message-ID: <afcef88a0603270817u6a32e37wb00c1aa9533bffe5@mail.gmail.com>
References: <20060324222517.GA13688@us.ibm.com>
	 <Pine.LNX.4.64.0603241757090.27964@excalibur.intercode>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Cc: "Michael Halcrow" <mhalcrow@us.ibm.com>,
	"Andrew Morton" <akpm@osdl.org>, phillip@hellewell.homeip.net,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	viro@ftp.linux.org.uk, mike@halcrow.us, mcthomps@us.ibm.com,
	yoder1@us.ibm.com, toml@us.ibm.com, emilyr@us.ibm.com,
	daw@cs.berkeley.edu
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from xproxy.gmail.com ([66.249.82.200]:19540 "EHLO xproxy.gmail.com")
	by vger.kernel.org with ESMTP id S1750961AbWC0QRu convert rfc822-to-8bit
	(ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
	Mon, 27 Mar 2006 11:17:50 -0500
Received: by xproxy.gmail.com with SMTP id t10so881370wxc
        for <linux-fsdevel@vger.kernel.org>; Mon, 27 Mar 2006 08:17:50 -0800 (PST)
To: "James Morris" <jmorris@namei.org>
In-Reply-To: <Pine.LNX.4.64.0603241757090.27964@excalibur.intercode>
Content-Disposition: inline
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On 3/24/06, James Morris <jmorris@namei.org> wrote:
> On Fri, 24 Mar 2006, Michael Halcrow wrote:
>
> > initialization vector by taking the MD5 sum of the file encryption
> > key; the root IV is the first N bytes of that MD5 sum, where N is the
> > number of bytes constituting an initialization vector for the cipher
> > being used for the file (it is worth noting that known plaintext
> > attacks against the MD5 hash algorithm do not affect the security of
> > eCryptfs, since eCryptfs only hashes secret values).
>
> What about other attacks on MD5?  Hard coding it into the system makes me
> nervous, what about making this selectable?
>
> > By default, eCryptfs selects AES-128. Later versions of eCryptfs will
> > allow the user to select the cipher and key length.
>
> Also, what about making the encryption mode selectable, to at least allow
> for like LRW support in addition to CBC?

These are part of the eCryptfs roadmap. I'm not sure when we are
planning to incorperate the functionality to select your hash and
cipher (I believe its 0.2 or 0.3), but we have experimented with this
and have had success doing so. The code is not included in 0.1 due to
lack of testing and conflict with our mental model of the releases.

Should this functionality be high desired / required, I see no reason
why it can't be added, but Mike Halcrow and Phillip need to weight in
on this too :)

--
Michael C. Thompson <mcthomps@us.ibm.com>
Software-Engineer, IBM LTC Security