-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matthew Toseland wrote: > - We keep a true client-cache. This is a datastore. Each block is > encrypted by, and keyed by, randomly generated keys.
In the long term, might it be worth implementing a simple encrypted filesystem, stored inside a single fixed-size file? The encrypted filesystem could be used for the datastore, cache, client-cache, config files, etc. Unused blocks would be indistinguishable from used blocks because each block would be encrypted with a key derived from the block number and a master key, and the master key would be derived from a passphrase each time the node started up. This would make it harder to examine the store of a captured node, because you'd have to capture it while it was running. Just trying to save everyone some money on thermite. ;-) This could probably be implemented as a separate library... any takers? :-) Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE6DsTyua14OQlJ3sRApi3AJ4pF2W5LzWFX/dm528OTTy8M8NjoACdEfK3 yO+1qpaWd6P0Qvf7bC7epJQ= =t4GU -----END PGP SIGNATURE-----
