From: Erik Mouw
To: David Woodhouse
Cc: Rajaram Suresh Gaunker, linux-fsdevel@vger.kernel.org, kernelnewbies@nl.linux.org
Subject: Re: Hi
Date: Wed, 19 Feb 2003 17:49:26 +0100
Message-ID: <20030219164926.GE2516@arthur.ubicom.tudelft.nl>
In-Reply-To: <1045669453.19863.35.camel@passion.cambridge.redhat.com>
References: <20030218150457.20101.qmail@webmail30.rediffmail.com>
 <20030218163422.GC1399@arthur.ubicom.tudelft.nl>
 <1045609648.18245.0.camel@imladris.demon.co.uk>
 <20030219153537.GB2516@arthur.ubicom.tudelft.nl>
 <1045669453.19863.35.camel@passion.cambridge.redhat.com>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Wed, Feb 19, 2003 at 03:44:14PM +0000, David Woodhouse wrote:
> On Wed, 2003-02-19 at 15:35, Erik Mouw wrote:
> > File level encryption gives an attacker information about the files on
> > your system.
> >
> > Suppose I can get hold of your disk and I want to know if you are
> > subscribed to linux-kernel. I just mount the disk, and if I find a file
> > called "dwmw2/Mail/linux-kernel", it gives me a large hint you are
> > indeed subscribed. No, I can't decrypt the file, but that wasn't my
> > purpose. I do however know the file metadata, like the filename, the
> > owner, modification time, length, etc.
>
> Not if the metadata were encrypted too.

But I still can see where the metadata lives on the disk, which gives me a
hint what kind of filesystem you are using. The more information, the
easier the attack.

> You speak only of block-level encryption and of file-level (i.e.
> application-based) encryption. But don't forget that there's a layer
> _between_ the applications and the block device. :)
>
> My question was what's wrong with doing encryption in the file system?

If you want to encrypt files, you have to do it right. Any information can
lead to a possible compromise of the system, so the best is to hide
everything, which can only be done by block level encryption.


Erik

-- 
J.A.K. (Erik) Mouw
Email: J.A.K.Mouw@its.tudelft.nl
mouw@nl.linux.org