On 29/05/14 at 11:17am, Cosimo Streppone wrote: > Chiedo scusa per la mia ignoranza in anticipo. > Potresti educarmi sull'argomento?
Non ho l'autorità e l'autorevolezza necessaria per educare :-) Quoto un pò di persone: """ ecryptfs is a complete joke. It intentionally does not encrypt *ANY* metadata execpt the filename, leaking modification times, filesizes (rounded to the block), write patterns, file ownership, permissions, etc. Because it's design is such a joke, it hasn't gotten any serious crypto review, so I'd be surprised if it doesn't have critical implementation bugs in the parts that aren't broken by design. Please don't use ecryptfs. It's not even better than nothing. """[1] """ eCryptfs appears to have a better crypto design than EncFS [4], but there are some red flags indicating that it was not designed by a cryptographer, and has not received enough security review """ [2] L'ultima release è del 2012 (a quanto leggo sulla pagina g+), l'ultimo commit nel repo git è di 6 mesi fa per la 3.13.x (mi sembra di capire che gli ultimi 6 o 7 siano solo commit di "porting" alle nuove versioni, dato che non è incluso nel kernel di default - chissà perchè - ). [1] https://www.mail-archive.com/[email protected]/msg04329.html [2] https://defuse.ca/audits/ecryptfs.htm ________________________________________________________ http://www.sikurezza.org - Italian Security Mailing List
