On 20 Aug 2006, at 03:36, Michael Rogers wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Matthew Toseland wrote:
>> - We keep a true client-cache. This is a datastore. Each block is
>> encrypted by, and keyed by, randomly generated keys.
>
> In the long term, might it be worth implementing a simple encrypted
> filesystem, stored inside a single fixed-size file? The encrypted
> filesystem could be used for the datastore, cache, client-cache, config
> files, etc. Unused blocks would be indistinguishable from used blocks
> because each block would be encrypted with a key derived from the block
> number and a master key, and the master key would be derived from a
> passphrase each time the node started up. This would make it harder to
> examine the store of a captured node, because you'd have to capture it
> while it was running. Just trying to save everyone some money on
> thermite. ;-)
>
> This could probably be implemented as a separate library... any
> takers? :-)

We did something like this a few years ago, in the end we stripped it out as it was a major source of very difficult to track down bugs. Encrypted filesystems aren't easy to implement, but fortunately other people have implemented them - I really don't think we should be reinventing this particular wheel without a very good reason.

Ian.

Ian Clarke: Co-Founder & Chief Scientist Revver, Inc.
phone: 323.871.2828 | personal blog - http://locut.us/blog
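
The per-block keying scheme described in the quoted message, as an added example that is not part of this thread or of Freenet's code: a fixed-size container whose unused blocks are random bytes and whose used blocks are sealed under keys derived from the block number and a passphrase-derived master key. The function names, block size, and PBKDF2 parameters are assumptions, and SHAKE-256 stands in for a real block cipher mode because the Python standard library has none.

```python
import hashlib, hmac, os

BLOCK = 4096                   # on-disk block size (assumed)
NONCE, TAG = 16, 32            # per-write nonce and HMAC-SHA256 tag lengths
PAYLOAD = BLOCK - NONCE - TAG  # encrypted bytes per block

def master_key(passphrase: str, salt: bytes) -> bytes:
    # Re-derived from the passphrase at every startup; never written to disk.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def block_keys(master: bytes, block_no: int):
    # Separate encryption and MAC keys from the master key and the block number.
    n = block_no.to_bytes(8, "big")
    return (hmac.new(master, b"enc" + n, hashlib.sha256).digest(),
            hmac.new(master, b"mac" + n, hashlib.sha256).digest())

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # SHAKE-256 used as a keystream generator (stand-in for AES-CTR).
    return hashlib.shake_256(key + nonce).digest(length)

def seal(master: bytes, block_no: int, data: bytes) -> bytes:
    # Returns exactly BLOCK bytes: nonce || ciphertext || tag.
    if len(data) > PAYLOAD - 2:
        raise ValueError("data too large for one block")
    enc, mac = block_keys(master, block_no)
    plain = len(data).to_bytes(2, "big") + data
    plain += bytes(PAYLOAD - len(plain))          # zero padding, hidden by encryption
    nonce = os.urandom(NONCE)  # fresh per write: the block key is fixed, so rewrites need it
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(enc, nonce, PAYLOAD)))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_block(master: bytes, block_no: int, raw: bytes):
    # Plaintext if the tag verifies; None for an unused block, wrong key, or tampering.
    enc, mac = block_keys(master, block_no)
    nonce, ct, tag = raw[:NONCE], raw[NONCE:-TAG], raw[-TAG:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, PAYLOAD)))
    return plain[2:2 + int.from_bytes(plain[:2], "big")]

def new_container(blocks: int) -> bytearray:
    # Fixed-size store; unused blocks are random bytes, so only the key tells them apart.
    return bytearray(os.urandom(blocks * BLOCK))
```

Because the per-block key never changes, the random nonce is what keeps a rewritten block from reusing its keystream; the salt has to be stored in the clear beside the container.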