On Thu, Nov 6, 2008 at 10:27 AM, Xavier Nicollet <[EMAIL PROTECTED]> wrote:
> On 6 November 2008 at 09:58, Gregory Maxwell wrote:
>> The latter would probably need to be a secret-keyed HMAC
>> to prevent watermarking attacks and information leakage, [...]
>
> Dm-crypt on every disk seems a good alternative, doesn't it?
> You would use dm-crypt for your swap anyway.
>
> Did I miss something?

Dmcrypt is fine but a rather blunt tool: it's all or nothing, and only a single key. It also cannot store a unique nonce per block update, which may create some (theoretical) security weaknesses. The whole thing will need to be mounted with keys in memory even when you only care about a few files (so someone who gains access to the system could access high-security files even if the system was just being used for web browsing at the time).

With a more intelligent you could have per-subvolume keying, or even better per-file, allowing the encrypted filesystem to contain a mix of files with differing security classes. Take a look at http://ecryptfs.sourceforge.net/ for an example of a more sophisticated filesystem encryption feature set.

At the least I think it would be useful if btrfs provided dmcrypt functionality per subvolume, though full ecryptfs-level functionality would be quite interesting.
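
The two points in the message above (a key per subvolume, and a nonce stored with each block update), as an added example that is not part of the original message or of any btrfs, dm-crypt or eCryptfs code. It assumes a toy 32-byte block and a toy HMAC-based Feistel cipher standing in for a real one; all function names and sample data are constructed for illustration.

```python
import hashlib, hmac, os

def prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"\x00".join(parts), hashlib.sha256).digest()

def subvolume_key(master: bytes, name: str) -> bytes:
    # Per-subvolume keying: one subvolume can be unlocked without the others.
    return prf(master, b"subvol-key", name.encode())

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_cipher(key: bytes, tweak: bytes, block: bytes, decrypt: bool = False) -> bytes:
    # 4-round Feistel over a 32-byte block, HMAC-SHA256 as round function.
    # Toy stand-in for a real tweakable cipher; illustration only.
    if len(block) != 32:
        raise ValueError("toy block size is 32 bytes")
    l, r = block[:16], block[16:]
    for i in (reversed(range(4)) if decrypt else range(4)):
        f = lambda half: prf(key, tweak, bytes([i]), half)[:16]
        l, r = (xor(r, f(l)), l) if decrypt else (r, xor(l, f(r)))
    return l + r

def write_fixed(key, sector, plaintext):
    # Tweak is the sector number only: nothing extra is stored per write.
    return toy_cipher(key, sector.to_bytes(8, "big"), plaintext)

def write_nonce(key, sector, plaintext):
    # Filesystem-level design: a fresh nonce is stored with every block update.
    nonce = os.urandom(16)
    return nonce, toy_cipher(key, sector.to_bytes(8, "big") + nonce, plaintext)

def read_nonce(key, sector, stored):
    nonce, ct = stored
    return toy_cipher(key, sector.to_bytes(8, "big") + nonce, ct, decrypt=True)

def same_between(snap_a: dict, snap_b: dict) -> list:
    # What an observer holding two ciphertext snapshots learns with no key.
    return sorted(s for s in snap_a if snap_a[s] == snap_b.get(s))

def demo():
    key = subvolume_key(b"constructed master secret", "home")
    before = {0: b"A" * 32, 1: b"B" * 32}   # constructed sample blocks
    after = {0: b"A" * 32, 1: b"C" * 32}    # sector 0 rewritten, same content
    fixed = [{s: write_fixed(key, s, p) for s, p in v.items()} for v in (before, after)]
    nonced = [{s: write_nonce(key, s, p) for s, p in v.items()} for v in (before, after)]
    return same_between(*fixed), same_between(*nonced)

if __name__ == "__main__":
    print(demo())  # ([0], [])
```

With a sector-only tweak, the rewritten-but-identical sector 0 is visible as unchanged across snapshots; with a stored nonce, no sector compares equal.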
