On Sat, Sep 1, 2012 at 10:47 AM, <and...@krutt.org> wrote:
> Does encfs ensure that passphrases and key material are in memory only as
> long as absolutely necessary? There are calls to mlock in code, is it safe
> to assume that passphrases and keys do not get swapped to the disk?
>
Some protections depend on support of the OS, so safety in this case
depends on the entire system, not just encfs.
> In particular, the following would be good to have:
> - When encfs exits or unmounts a filesystem, keys to it should be explicitly
> erased from memory.
>
Yes. All blocks holding keys are zero'd when freed. Perhaps the biggest
danger here is if memory is leaked and never freed.
> - Passphrase should not be kept in memory, IIRC only the derived key is
> needed.
>
Yes, the passphrase memory is cleared once it has been used to decipher the
derived key.
> - Don't use swap at all for keys or decrypted data, at least in paranoid
> mode.
>
This is under the control of the operating system. Encfs needs around 4MB
of memory to run. It applies mlock() to secure memory blocks, but that
depends on OS support for user-level locking.
> - A command to shut down encfs that blocks until encfs is gone. fusermount
> -u??
>
This may be system-specific, or a question for FUSE.
> - A command to unmount a filesystem without exiting, for use with
> --ondemand.
>
No, this does not exist.
regards,
Valient
_______________________________________________
Encfs-users mailing list
Encfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/encfs-users
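
The two mechanisms discussed in the reply above, mlock() on key memory and zeroing before free, shown as an added C example that is not encfs code and not part of the original message. `secure_buf` and the function names are hypothetical, and the 32-byte key is a constructed stand-in.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

typedef struct {          /* hypothetical helper type, not an encfs structure */
    unsigned char *data;
    size_t len;           /* rounded up to whole pages */
    int locked;           /* 1 if mlock() succeeded, 0 if the OS refused */
} secure_buf;

/* Allocate whole pages and try to pin them; a refused mlock() is recorded, not hidden. */
int secure_alloc(secure_buf *b, size_t want) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = NULL;
    b->len = (want + page - 1) / page * page;
    if (posix_memalign(&p, page, b->len) != 0) return -1;
    b->data = p;
    b->locked = (mlock(b->data, b->len) == 0);  /* fails if RLIMIT_MEMLOCK is too low */
    return 0;
}

/* Zero through a volatile pointer so the stores are not dropped as dead writes. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}
int is_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    while (n--) acc |= *p++;
    return acc == 0;
}

/* Wipe, then unlock, then free: the key never sits in an unlocked or freed page. */
void secure_free(secure_buf *b) {
    secure_wipe(b->data, b->len);
    if (b->locked) munlock(b->data, b->len);
    free(b->data);
    b->data = NULL; b->len = 0; b->locked = 0;
}

int main(void) {
    secure_buf key;
    if (secure_alloc(&key, 32) != 0) return 1;
    if (!key.locked) perror("mlock refused, key may reach swap");
    memset(key.data, 0xA5, 32);               /* constructed stand-in key */
    secure_free(&key);
    return 0;
}
```

The `locked` flag makes the OS dependency visible: when the kernel refuses the lock, the program can warn or refuse to proceed rather than silently assume the key stays out of swap.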