On Thu, 20 Nov 2014 17:47:59 -0800 "Mark R. Pariente" <markparie...@gmail.com> wrote:
> On Thu, Nov 20, 2014 at 5:28 PM, Matei David <ma...@cs.toronto.edu> wrote:
> > Hi,
> >
> > I'm interested in keeping two encfs folders in sync. One option is
> > to run rsync/unison between the plaintext folders. I would like to
> > have the additional option of performing sync on the ciphertexts.
> >
> > From the tests that I ran, it seems to me that this is only possible if
> > uniqueIV is set to 0 in the configuration file. Whenever this is
> > set to 1, the ciphertexts of two identical plaintext folders seem
> > to be different. To clarify, my tests consisted of running this
> > script while tweaking various parameters inside encfs6.xml.
> >
> > #!/bin/bash -x
> > cat encfs6.xml
> > rm -rf /tmp/.docs-{1,2} /tmp/docs-{1,2}
> > mkdir -p /tmp/.docs-{1,2} /tmp/docs-{1,2}
> > echo password |
> > ENCFS6_CONFIG=encfs6.xml encfs -S /tmp/.docs-1 /tmp/docs-1
> > echo password |
> > ENCFS6_CONFIG=encfs6.xml encfs -S /tmp/.docs-2 /tmp/docs-2
> > echo "hello" >/tmp/docs-1/a-file
> > rsync -a /tmp/docs-1/ /tmp/docs-2/
> > md5sum /tmp/.docs-[12]/*
> > fusermount -u /tmp/docs-1
> > fusermount -u /tmp/docs-2
> >
> > My question is, are there security considerations why I would want
> > to keep uniqueIV set to 1? I checked the manual and the guide here
> > http://www.ict.griffith.edu.au/anthony/info/crypto/encfs.hints
> > Neither mentions unique IVs or what they are good for.
>
> UniqueIV generates a random IV value for each file - that is why you
> are seeing the same plaintext/path resulting in different ciphertext
> when copied.
>
> The reasoning for uniqueIV is to prevent statistical attacks -
> without it the same plaintext results in the same ciphertext so an
> observer can tell how many copies of a file you have, and this is
> considered information leakage.

Thanks for the prompt reply.
From the description in the manual, I would have thought that externalIVChaining would prevent such an attack: I thought 2 identical plaintext files would encrypt in different ways depending on their names (or paths, with chainedNameIV). But my understanding is wrong, right? I think I'm mixing up 2 things that are being encrypted: file names, and file contents.

Can you explain what externalIVChaining does exactly? I tried to figure it out but I don't see any effect. Here's what I tried:

- for every triple of IV-related options: (uniqueIV, chainedNameIV, externalIVChaining)
  - create 2 identical plaintext files (file-a, file-b)
  - copy them to a directory (dir/file-a dir/file-b)
  - so in total, there are 4 identical files, with 2 different base names
  - sync the plaintexts between 2 mounts
  - count:
    - unique file names in ciphertext of 1 mount
    - unique file names in ciphertext of both mounts
    - unique checksums in ciphertext of 1 mount
    - unique checksums in ciphertext of both mounts

I'm attaching the script. The results I see are (columns: uniqueIV/chainedNameIV/externalIVChaining bits, unique names in 1 mount, unique names in both mounts, unique checksums in 1 mount, unique checksums in both mounts):

  options  names(1)  names(both)  sums(1)  sums(both)
  000      2         2            1        1
  001      2         2            1        1
  010      4         4            1        1
  011      4         4            1        1
  100      2         2            4        8
  101      2         2            4        8
  110      4         4            4        8
  111      4         4            4        8

Based on this, I infer that:

- uniqueIV affects only file content encryption, not file names
- chainedNameIV affects only file name encryption, not file contents

What I don't understand is the effect of externalIVChaining. I don't see anything changing when it is enabled.

Thanks,
M
Attachment: try-encfs (binary data)
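The experiment described in the message above, as an added script that is not the try-encfs attachment from the mail: it loops over the eight (uniqueIV, chainedNameIV, externalIVChaining) bit triples, rewrites a template encfs6.xml for each, mounts two volumes, syncs four identical plaintext files under two base names, and prints the same five columns as the results table. It assumes a template encfs6.xml in the current directory containing those three elements (their real encfs6.xml names), plus encfs, fusermount, rsync and md5sum on the PATH.

```shell
#!/bin/sh
# Added example, not the script attached to the original mail. Assumes a template
# encfs6.xml in the current directory with <uniqueIV>, <chainedNameIV> and
# <externalIVChaining> elements, and encfs/fusermount/rsync/md5sum installed.
set -eu

# Distinct base names of ciphertext files under the given roots.
count_names() { find "$@" -type f -exec basename {} \; | sort -u | wc -l | tr -d ' '; }
# Distinct content digests of ciphertext files under the given roots.
count_sums()  { find "$@" -type f -exec md5sum {} + | cut -d' ' -f1 | sort -u | wc -l | tr -d ' '; }

# make_config TEMPLATE BITS OUT: BITS is "uce" = uniqueIV chainedNameIV externalIVChaining.
make_config() {
  u=$(printf %s "$2" | cut -c1); c=$(printf %s "$2" | cut -c2); e=$(printf %s "$2" | cut -c3)
  sed -e "s|<uniqueIV>[01]</uniqueIV>|<uniqueIV>$u</uniqueIV>|" \
      -e "s|<chainedNameIV>[01]</chainedNameIV>|<chainedNameIV>$c</chainedNameIV>|" \
      -e "s|<externalIVChaining>[01]</externalIVChaining>|<externalIVChaining>$e</externalIVChaining>|" \
      "$1" > "$3"
}

# run_triple BITS: mount two volumes with that config, create four identical
# plaintext files under two base names, sync, and print
# "BITS names(1 mount) names(both) sums(1 mount) sums(both)".
run_triple() {
  cfg=/tmp/encfs6-$1.xml
  make_config encfs6.xml "$1" "$cfg"
  rm -rf /tmp/.docs-1 /tmp/.docs-2 /tmp/docs-1 /tmp/docs-2
  mkdir -p /tmp/.docs-1 /tmp/.docs-2 /tmp/docs-1 /tmp/docs-2
  for i in 1 2; do echo password | ENCFS6_CONFIG=$cfg encfs -S /tmp/.docs-$i /tmp/docs-$i; done
  mkdir /tmp/docs-1/dir
  echo hello > /tmp/docs-1/file-a
  cp /tmp/docs-1/file-a /tmp/docs-1/file-b
  cp /tmp/docs-1/file-a /tmp/docs-1/file-b /tmp/docs-1/dir/
  rsync -a /tmp/docs-1/ /tmp/docs-2/
  echo "$1 $(count_names /tmp/.docs-1) $(count_names /tmp/.docs-1 /tmp/.docs-2)" \
       "$(count_sums /tmp/.docs-1) $(count_sums /tmp/.docs-1 /tmp/.docs-2)"
  fusermount -u /tmp/docs-1
  fusermount -u /tmp/docs-2
}

# The mounts only happen when invoked with "run"; the helpers are usable on
# their own against any existing pair of ciphertext trees.
if [ "${1:-}" = run ]; then
  for t in 000 001 010 011 100 101 110 111; do run_triple "$t"; done
fi
```

A row of "2 2 4 8" for a triple with uniqueIV=1 is the leak-free case: four identical plaintexts yield eight distinct ciphertexts across the two mounts, so an observer of the ciphertext cannot tell that they are copies.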
_______________________________________________
Encfs-users mailing list
Encfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/encfs-users