On 07/28/2010 09:44 AM, Tim Gardner wrote: > ... how about... if the encrypted file name is too long then > just use the unencrypted name on the lower file system ?
Dustin has suggested this before and while it would make our lives as developers easier, I don't like it from a security standpoint. You either want a security feature or you don't. If a user turns this on to make some application work in their encrypted home, now they have to make sure they don't create a meaningful file name that is 144 chars or longer. I much rather prefer a mount option to load a file name key encryption key to decrypt old file names, but not encrypt any new file names. The decision to encrypt or not is much more predictable. -- file name to long when creating new file (ecryptfs_lookup: lookup_one_len() returned [-36] on lower_dentry) https://bugs.launchpad.net/bugs/344878 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
