Having peeked at the TCFS sourcecode and scanned their 95-slides presentation (http://www.tcfs.it/docs/linux-expo-2001/Diapositiva1.JPG.html):
TCFS encrypts at the file block level, and the protocol for sending file blocks back and forth is plain NFS, so an eavesdropper knows which block of which file you access in each operation. The filenames aren't visible, but their lengths, and sizes and directory hierarchy are. In many cases, this would leave little room for imagination. As for the file contents: we want blocks to be encrypted differently across time, across files and across offsets. TCFS fails miserably on all three accounts: 1. A given block of a given file is always encrypted with the same key and without random padding. 2. They claim that blocks in different files are encrypted differently because each file has it's own "file key", but there's nothing to prevent an attacker from modifying the file key so it becomes identical to that of another file! There's a checksum on the file header, but it's cryptographically useless. 3. Blocks at different offsets are encrypted differently, but by combining the above two we can work around this. To compare the blocks at offsets I and J of file X: find a file Y in which data is often shifted back and forth, such as a large document that the user edits frequently. Cause X and Y to have the same file key. Copy the block at offset I of X to offset I of Y and wait until it happens to reach offset J of Y. Viola. So, we have encryption that's completely deterministic (directly or indirectly), and a very real prospect of chosen-plaintext attack (because it suffices for the attacker to cause data of his choice to be written to an arbitrary file, such as a mailbox). This "Transparent Cryptographic File System" is somewhat more transparent than intended -- it's completely insecure. Do not use it. Eran Official Flamer/Cabal NON-Leader wrote: > Hmmm... I suspect that TCFS (Transparent Cryptographic FS) is the better > answer it behaves like NFS (errr, it _is_ NFS to a significant degree. > The URL is http://www.tcfs.it. ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
