Date: Thu, 14 Sep 2000 08:01:21 -0600 (MDT) From: "Geoffrey T. Falk" <gtf@cirp.org> To: freebsd-fs@freebsd.org Subject: Re: AW: crypto fs? Message-ID: <200009141401.IAA03781@h-209-91-79-2.gen.cadvision.com> In-Reply-To: <67E0BE167008D31185F60008C7289DA0E12F00@MCHH218E>
next in thread | previous in thread | raw e-mail | index | archive | help
I have played with CFS. It is unsatisfactory for a number of reasons. It is implemented via a daemon that runs over an NFS connection. This is not clean. It is also slow. CFS takes over a directory in a filesystem. It does not encrypt disk blocks. It leaves information about your directory topology and file sizes available to an attacker. The CFS daemon also has a memory leak (at least in the current version). You will notice this if you copy several GB or if you leave it up and running for a while. A proper crypto filesystem would encrypt the blocks in the strategy() routine. One could run a standard FFS directly on top of it. I have searched for such a project but did not find anything. As an aside, in the process of investigating this, I discovered that documentation on BSD internals is severely underpublished. In contrast, I found an entire O'Reilly book on the Linux filesystem, complete with code samples. Regards g. n 14 Sep, Reifenberger Michael wrote: > Hi, > see /usr/ports/security/cfs. > > Bye/2 > ------ > Michael Reifenberger - IT, UNIX, R/3-Basis > Work: Michael.Reifenberger@plaut.de Proj: Michael.Reifenberger.gp@icn.siemens.de > Pers: Michael@Reifenberger.com Webspace: http://www.reifenberger.com > >> -----Urspr> üngliche Nachricht----- >> Von: Christoph Kukulies [SMTP:kuku@gilberto.physik.rwth-aachen.de] >> Gesendet am: Donnerstag, 14. September 2000 11:58 >> An: freebsd-fs@FreeBSD.ORG >> Betreff: crypto fs? >> >> >> Is there an implementation of the crypto filesystem for FreeBSD? >> >> Such that a disk that falls into hands of anyone not knowing >> the secret key cannot be decyphered in the duration of the universe? >> >> -- >> Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-fs" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-fs" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-fs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009141401.IAA03781>