[cgl_discussion] about PoC of "Support for encrypted file systems"

Zhao, Forrest forrest.zhao at intel.com
Wed Jun 18 00:59:53 PDT 2003


I have some updates for the PoC of "Support for encrypted file systems".

1 Loop-AES:

After adding the utility patch, Loop-AES can support many more ciphers,
such as Twofish, Serpent, MARS, RC6, DFC, Blowfish, IDEA, 3DES, RC5. It
can encrypt a whole partition or the root fs, or use a file as an
encrypted file system.

2 ReiserFS:

Reiserfs (version 3) supports neither compression nor
encryption. It is supposed to be implemented in reiser4 for individual
files (and maybe directories). Perhaps we'll develop a scenario
when file system looks for a secret key in the key token of the process,
inherited from its parent.

The above paragraph is from the reiserfs mailing list, so I don't
think ReiserFS is suited for our requirement. It can only encrypt
individual files; it cannot encrypt the partition. What's your opinion?

3 StegFS

The information hiding comes at a price. To ensure the security StegFS
has to allow data in the file system to be accidentally overwritten. To
avoid losing files StegFS, therefore, writes several copies of each file
block and inode so that, if some are overwritten, others can hopefully
be recovered. This replication obviously requires more disk space for a
given file. There is also a performance penalty due to the need to write
several copies of everything. There is also the risk that all copies of
a given block will be overwritten, in which case its contents are lost.

The above paragraph is from the StegFS FAQ, so I think the performance
penalty is a big problem for its application in CGL.

In summary, I believe that ReiserFS and StegFS don't cater to the CGL
requirement and should be removed from the PoC. Loop-AES is a good candidate.

Any comments?

Forrest

**These views are not necessarily those of my employer.**

 

 

 

 
