Tzafrir Cohen wrote:
> On Fri, 15 Nov 2002, Eran Tromer wrote:
> 
>>Having peeked at the TCFS source code and scanned their 95-slide
>>presentation
>>(http://www.tcfs.it/docs/linux-expo-2001/Diapositiva1.JPG.html):
>>
>>TCFS encrypts at the file block level, and the protocol for sending file
>>blocks back and forth is plain NFS, so an eavesdropper knows which block
>>of which file you access in each operation. The filenames aren't
>>visible, but their lengths, and sizes and directory hierarchy are. In
>>many cases, this would leave little room for imagination.
> 
> 1. Does this system allow easy abuses of IP spoofing? (as in the case of
> NFS?)

The information extraction attacks I described rely on IP spoofing.
If you just want to corrupt information, it's exactly as easy as NFS
(since TCFS is built on top of NFS and gives no protection against this).


> 2. Another thing to consider: network throughput: the more content
> encryption there is, the more garbage is transmitted on the network. This
> reduces the actual throughput of the transfer (I ignore the CPU time spent
> on encryption/decryption).

Why? When using standard block or stream ciphers the encrypted data is
as long as the original data, or only slightly longer due to IVs (think
of Unix passwd "salt") and headers.

  Eran
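
The size point in the reply above, as an added example that is not part of the original message or of TCFS: it encrypts blocks with a per-block IV and measures how much longer the data on the wire is than the plaintext. The cipher is a constructed stand-in (HMAC-SHA256 in counter mode, unauthenticated, for measurement only), and the 16-byte IV, 16-byte cipher block and 8192-byte transfer size are assumptions.

```python
import hashlib
import hmac
import os

IV_LEN = 16      # assumed per-block IV, sent alongside the ciphertext
CBLOCK = 16      # assumed cipher block size for the padded block-cipher case


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode: a constructed stand-in stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])


def encrypt_block(key: bytes, plaintext: bytes) -> bytes:
    """Return IV || ciphertext; the ciphertext is exactly as long as the plaintext."""
    iv = os.urandom(IV_LEN)
    ks = keystream(key, iv, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt_block(key: bytes, blob: bytes) -> bytes:
    """Split off the IV, regenerate the keystream and undo the XOR."""
    iv, ct = blob[:IV_LEN], blob[IV_LEN:]
    ks = keystream(key, iv, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def padded_block_len(n: int) -> int:
    """Wire length for a block cipher with an IV and PKCS#7 padding (1..CBLOCK bytes)."""
    return IV_LEN + (n // CBLOCK + 1) * CBLOCK


def overhead(wire_len: int, plain_len: int) -> float:
    """Fraction of extra bytes on the wire relative to the plaintext."""
    return (wire_len - plain_len) / plain_len


if __name__ == "__main__":
    key = os.urandom(32)
    for size in (64, 1024, 8192):  # constructed payload sizes
        blob = encrypt_block(key, os.urandom(size))
        padded = padded_block_len(size)
        print(f"{size:5d} B  stream+IV: {len(blob)} ({overhead(len(blob), size):.2%})"
              f"  padded block+IV: {padded} ({overhead(padded, size):.2%})")
```

The fixed per-block cost only matters for very small payloads; at the assumed 8192-byte transfer size it is well under one percent in both cases.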

