[cgl_discussion] about PoC of "Support for encrypted file systems"

Steven Dake sdake at mvista.com
Wed Jun 18 15:22:36 PDT 2003


Thanks for all of the good PoC pointers. I suggest we not delete any 
references, even if they don't meet the requirements for various 
reasons, so Linux distros can comment on the projects and we can track 
the gap analysis for these projects.


Zhao, Forrest wrote:

> I have some updates for the PoC of “Support for encrypted file systems”
> 1 Loop-AES:
> After adding the utility patch, Loop-AES can support many more 
> ciphers, such as Twofish, Serpent, MARS, RC6, DFC, Blowfish, IDEA, 
> 3DES, RC5. It can encrypt a whole partition, root fs or use a file as 
> an encrypted file system.
> 2 ReiserFS:
> Reiserfs (version 3) supports neither compression nor 
> encryption. It is supposed to be implemented in reiser4 for individual 
> files (and maybe directories). Perhaps we'll develop a scenario when 
> file system looks for a secret key in the key token of the process, 
> inherited from its parent.
> The above paragraph is from the reiserfs mailing list, so I don’t think 
> ReiserFS is suited for our requirement. It can just encrypt individual 
> files; it cannot encrypt the partition. What’s your opinion?
> 3 StegFS
> The information hiding comes at a price. To ensure the security StegFS 
> has to allow data in the file system to be accidentally overwritten. To
> avoid losing files StegFS, therefore, writes several copies of each 
> file block and inode so that, if some are overwritten, others can 
> hopefully be recovered. This replication obviously requires more disk 
> space for a given file. There is also a performance penalty due to the 
> need to write several copies of everything. There is also the risk 
> that all copies of a given block will be overwritten, in which case 
> its contents are lost.
> The above paragraph is from StegFS FAQ, so I think the performance 
> penalty is a big problem for its application in CGL.
> In summary, I believe that ReiserFS and StegFS don’t cater to the CGL 
> requirement and should be erased for PoC. Loop-AES is a good candidate.
> Any comments?
> Forrest
> **These views are not necessarily those of my employer.**
