> From: Bill Stewart <[EMAIL PROTECTED]>
> To: Steve Hawkinson <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> Subject: Re: Encrypting filenames
> 
> At 04:00 PM 7/10/99 -0500, Steve Hawkinson wrote:
> >Does anybody have any ideas on what would be a good algorithm for 
> >encrypting filenames?  I would like for the algorithm to do compression 
> >also.  CFS uses an algorithm that lengthens the filename, thereby shortening
> >the maximum allowed length of the clear text filename.  I want to avoid 
> >this and possibly store extra metadata in the filename.
> 
> What are you trying to accomplish by encrypting them?
I want to provide as much security as possible for the clear text name of 
the file.

> What's the environment you're planning to use them in?

I am working on a piece of middleware that modifies the system calls of 
programs that are running on top of it.  I can change an open(foo) system 
call to open(xdsxfda) and close(foo) to close(xdsxfda).  I can also change
the size of the file so stat(foo) is stat(xdsxfda) and in the process of
changing the name I change the file size in the stat buffer also.

The kernel sees all the operations on "xdsxfda" and the program and user 
think the operations are being performed on "foo".

It runs on Linux right now.  I don't think the OS should make a 
difference in the algorithm we use, except that it limits the length of 
the filenames.  I will probably truncate the filenames to the max length of 
the OS and then apply the cryptographic algorithm.

I also would like to store the length of the file in the filename. That 
is why I need compression.  If I have a MAX_PATH length of 14, my file 
size is 1 meg, and the clear text filename is 14 characters long, I have
a clear text of "fourteenletter.1000000".  I would like to be able to 
store that securely using 14 printable characters. 

This is a worst case scenario since most modern filesystems have a much 
longer filename length, more like 255 characters.  Plenty of room for my 
metadata, he, he.  I should get more compression on a filename that is 
255 characters long also.  

I realize that any compression technique is going to have a worst case of no
compression or even increased redundancy.  However, I would still like to 
make an attempt at compression of the filenames.

> What's your threat model?
This is a tool that people can use to encrypt arbitrary data.  Any program
that writes to disk can be run on top of it.  So the data can be anything 
from Grandma's secret cookie recipe to medical records.  

The data will be stored for long periods of time in an untrusted environment,
e.g. filesystems that a sysadmin can browse.

> Is it ok to always use the same key?  (Thus, 3-DES is fine.)
I would like to change the key for each file.

> Do you need two-way encryption, or is a 1-way hash adequate?
Yes, I need two-way encryption.

So I guess a more qualified question is what is a good two-way, multikeyed,
high-compression, highly-secure over indefinite periods of time,
cryptographic algorithm?

                Thanks for your time,
                Steve
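
Added example (not part of the message above and not code from the thread): a Python sketch of the space budget behind the 14-character worst case, packing a name and file size into filename-safe characters and reporting when they do not fit. The 64-symbol alphabet, the NUL-plus-varint layout and all function names are assumptions made for illustration; no encryption is performed, because a cipher cannot shorten its input, so the same budget applies to the ciphertext.

```python
import zlib

# Assumption: a 64-symbol filename-safe alphabet; the message does not name one.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"

def capacity_bits(max_len, base=len(ALPHABET)):
    """Whole bits that max_len characters over `base` symbols can carry."""
    return (base ** max_len).bit_length() - 1

def payload(name, size):
    """Name, a NUL separator (illegal in Unix names), then size as a varint."""
    out = bytearray(name.encode("utf-8")) + b"\x00"
    while True:
        low, size = size & 0x7F, size >> 7
        out.append(low | (0x80 if size else 0))
        if not size:
            return bytes(out)

def parse(data):
    """Inverse of payload(): returns (name, size)."""
    name, _, varint = data.partition(b"\x00")
    size = 0
    for shift, byte in enumerate(varint):
        size |= (byte & 0x7F) << (7 * shift)
    return name.decode("utf-8"), size

def zlib_gain(data):
    """Bytes saved by zlib; negative means the 'compressed' form is longer."""
    return len(data) - len(zlib.compress(data, 9))

def to_chars(data, max_len):
    """Encode bytes as at most max_len alphabet characters, or None if too big."""
    n = int.from_bytes(b"\x01" + data, "big")  # 0x01 guard keeps leading zero bytes
    if n >= len(ALPHABET) ** max_len:
        return None
    chars = []
    while n:
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(reversed(chars))

def from_chars(text):
    """Inverse of to_chars(): returns the original bytes."""
    n = 0
    for ch in text:
        n = n * len(ALPHABET) + ALPHABET.index(ch)
    return n.to_bytes((n.bit_length() + 7) // 8, "big")[1:]  # drop the guard
```
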


