John Plocher wrote:
> Re: Using the filesystem's underlying block/sector/whatever info as part
> of the crypto chain
>
> Naive question: Won't this break in situations where the encrypted data
> file is moved between dissimilar filesystems? Or am I misunderstanding
> that part of the conversation?

No, it won't break. Just like it would work today without crypto. Quoting
from 1999/463: "lofi intentionally knows nothing about the filesystem
above or below it."

> Example: create the encrypted data in a file on a zfs filesystem,
> un-lofi-mount it,
> copy the encrypted data file to a USB keychain drive,
> take it home,
> move it onto a CDROM and then
> try to lofi mount it and read the unencrypted data...

That will work just fine. The block size that lofi(7D) works in is fixed as DEV_BSIZE (i.e. 512) as defined in <sys/param.h> (which lofi.c gets via <sys/sysmacros.h>). Because this is the size we read/write to the underlying file, it is also the size of chunks we do crypto on.

--
Darren J Moffat
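
An added illustration of the point made in this thread, not code from lofi or from either poster: when each DEV_BSIZE block is processed using only its offset within the backing file, copying that file to other media changes nothing, whereas tying the per-block tweak to a location on the underlying device would break on a move. The HMAC-based keystream, the tweak scheme, the `first_sector` parameter and all sample values are assumptions made for the demonstration.

```python
import hashlib
import hmac

DEV_BSIZE = 512  # fixed lofi block size, per <sys/param.h>


def _keystream(key: bytes, tweak: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stand-in cipher, NOT what lofi uses."""
    out = b""
    counter = 0
    while len(out) < DEV_BSIZE:
        msg = tweak.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:DEV_BSIZE]


def crypt_block(key: bytes, tweak: int, block: bytes) -> bytes:
    """XOR one DEV_BSIZE block with its keystream (same call encrypts and decrypts)."""
    if len(block) != DEV_BSIZE:
        raise ValueError("lofi-style I/O is whole DEV_BSIZE blocks only")
    return bytes(a ^ b for a, b in zip(block, _keystream(key, tweak)))


def crypt_image(key: bytes, data: bytes, first_sector: int = 0) -> bytes:
    """Process a backing file block by block.

    first_sector=0 models tweaks taken from the offset inside the backing file.
    A non-zero value models (hypothetically) mixing in where the file happens
    to sit on the underlying device, the case the question worries about.
    """
    if len(data) % DEV_BSIZE:
        raise ValueError("image length must be a multiple of DEV_BSIZE")
    return b"".join(
        crypt_block(key, first_sector + i, data[off:off + DEV_BSIZE])
        for i, off in enumerate(range(0, len(data), DEV_BSIZE))
    )


def demo() -> tuple[bool, bool]:
    key = b"constructed-demo-key"
    plain = b"".join(bytes([i]) * DEV_BSIZE for i in range(4))  # constructed 2 KiB image
    # File-relative tweaks: the ciphertext can be copied anywhere and still decrypts.
    portable = crypt_image(key, crypt_image(key, plain)) == plain
    # Device-relative tweaks: written starting at sector 2048, read back at sector 64.
    moved = crypt_image(key, crypt_image(key, plain, 2048), 64) == plain
    return portable, moved
```

`demo()` returns `(True, False)`: the file-relative scheme survives the copy, the device-relative one does not.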
