From: davidsen@tmr.com (bill davidsen)
To: linux-kernel@vger.kernel.org
Subject: Re: partially encrypted filesystem
Date: 3 Dec 2003 23:20:24 GMT [thread overview]
Message-ID: <bqlr3o$khe$1@gatekeeper.tmr.com> (raw)
In-Reply-To: Pine.LNX.4.53.0312031627440.3725@chaos
In article <Pine.LNX.4.53.0312031627440.3725@chaos>,
Richard B. Johnson <root@chaos.analogic.com> wrote:
| On Wed, 3 Dec 2003, Kallol Biswas wrote:
|
| >
| > Hello,
| > We have a requirement that a filesystem has to support
| > encryption based on some policy. The filesystem also should be able
| > to store data in non-encrypted form. A search on web shows a few
| > encrypted filesystems like "Crypto" from Suse Linux, but we need a
| > system where encryption will be a choice per file. We have a hardware
| > controller to apply encryption algorithm. If a filesystem provides hooks
| > to use a hardware controller to do the encryption work then the cpu can
| > be freed from doing the extra work.
| >
| > Any comment on this?
| >
| > Kallol
| > NucleoDyne Systems.
| > nucleon@nucleodyne.com
| > 408-718-8164
|
| I think you just need your application to encrypt data where needed.
| Or to read/write to an encrypted file-system which always encrypts.
| You really don't want policy inside the kernel.
|
| Let's say you decided to ignore me and do it anyway. The file-systems
| are a bunch of inodes. Every time you want to read or write one, something
| has to decide if it's encrypted and, if it is, how to encrypt or
| decrypt it. Even the length of the required read or write becomes
| dependent upon the type of encryption being used. Surely you don't
| want to use an algorithm where a N-byte string gets encoded into a
| N-byte string because to do so gives away the length, from which
| one can derive other aspects, resulting in discovering the true content.
| So, you need variable-length inodes --- what a mess. The result
| would be one of the slowest file-systems you could devise.
|
| Encrypted file-systems, where you encrypt everything that goes
| on the media work. Making something that could be either/or,
| while possible, is not likely going to be very satisfying.
Well said. This isn't the way to do it as you say, although you could
add an O_CRYPTO flag to creat() if you really wanted to.
Crypto in the program is definitely the better solution.
--
bill davidsen <davidsen@tmr.com>
CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.
next prev parent reply other threads:[~2003-12-03 23:31 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-12-03 21:07 partially encrypted filesystem Kallol Biswas
2003-12-03 21:44 ` Richard B. Johnson
2003-12-03 23:20 ` bill davidsen [this message]
2003-12-03 21:44 ` Jörn Engel
2003-12-04 0:08 ` Linus Torvalds
2003-12-04 1:25 ` Jeff Garzik
2003-12-04 2:08 ` Linus Torvalds
2003-12-04 3:59 ` H. Peter Anvin
2003-12-04 2:37 ` Charles Manning
2003-12-04 14:17 ` Jörn Engel
2003-12-04 15:20 ` Linus Torvalds
2003-12-04 16:07 ` Phillip Lougher
2003-12-04 17:26 ` Jörn Engel
2003-12-04 18:20 ` Phillip Lougher
2003-12-04 18:40 ` Jörn Engel
2003-12-04 19:41 ` Erez Zadok
2003-12-05 11:20 ` Jörn Engel
2003-12-05 16:16 ` Erez Zadok
2003-12-05 19:14 ` Matthew Wilcox
2003-12-05 19:47 ` Erez Zadok
2003-12-05 20:28 ` Matthew Wilcox
2003-12-05 21:38 ` Pat LaVarre
2003-12-06 0:15 ` Maciej Zenczykowski
2003-12-06 1:35 ` Pat LaVarre
2003-12-06 2:39 ` Valdis.Kletnieks
2003-12-06 11:43 ` Maciej Zenczykowski
2003-12-07 0:04 ` Shaya Potter
2003-12-08 14:08 ` Jörn Engel
2003-12-06 0:50 ` Phillip Lougher
2003-12-08 11:37 ` David Woodhouse
2003-12-08 13:44 ` phillip
2003-12-08 14:07 ` David Woodhouse
2003-12-10 1:16 ` [OT?]Re: " Charles Manning
2003-12-10 17:45 ` Phillip Lougher
2003-12-09 23:40 ` Pat LaVarre
2003-12-10 0:07 ` Pavel Machek
2003-12-10 1:28 ` Pat LaVarre
2003-12-10 2:13 ` Charles Manning
2003-12-05 19:58 ` Pat LaVarre
2003-12-08 11:28 ` David Woodhouse
2003-12-08 13:49 ` phillip
2003-12-04 19:18 ` David Wagner
2003-12-05 13:02 ` Jörn Engel
2003-12-05 17:28 ` Frank v Waveren
2003-12-05 23:59 ` David Wagner
2003-12-19 15:01 ` Rik van Riel
2003-12-04 3:10 ` Valdis.Kletnieks
2003-12-04 18:16 ` Hans Reiser
-- strict thread matches above, loose matches on Subject: below --
2003-12-06 19:56 Pat LaVarre
2003-12-06 22:07 ` Maciej Zenczykowski
2003-12-10 3:22 Valient Gough
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='bqlr3o$khe$1@gatekeeper.tmr.com' \
--to=davidsen@tmr.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox