From owner-freebsd-fs Thu Sep 14 7: 1:29 2000 Delivered-To: freebsd-fs@freebsd.org Received: from h-209-91-79-2.gen.cadvision.com (h-209-91-79-2.gen.cadvision.com [209.91.79.2]) by hub.freebsd.org (Postfix) with ESMTP id E3A0537B43E for ; Thu, 14 Sep 2000 07:01:25 -0700 (PDT) Received: from cirp.org (localhost [127.0.0.1]) by h-209-91-79-2.gen.cadvision.com (8.9.3/8.9.3) with ESMTP id IAA03781 for ; Thu, 14 Sep 2000 08:01:22 -0600 (MDT) (envelope-from gtf@cirp.org) Message-Id: <200009141401.IAA03781@h-209-91-79-2.gen.cadvision.com> Date: Thu, 14 Sep 2000 08:01:21 -0600 (MDT) From: "Geoffrey T. Falk" Subject: Re: AW: crypto fs? To: freebsd-fs@freebsd.org In-Reply-To: <67E0BE167008D31185F60008C7289DA0E12F00@MCHH218E> MIME-Version: 1.0 Content-Type: TEXT/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8BIT Sender: owner-freebsd-fs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I have played with CFS. It is unsatisfactory for a number of reasons. It is implemented via a daemon that runs over an NFS connection. This is not clean. It is also slow. CFS takes over a directory in a filesystem. It does not encrypt disk blocks. It leaves information about your directory topology and file sizes available to an attacker. The CFS daemon also has a memory leak (at least in the current version). You will notice this if you copy several GB or if you leave it up and running for a while. A proper crypto filesystem would encrypt the blocks in the strategy() routine. One could run a standard FFS directly on top of it. I have searched for such a project but did not find anything. As an aside, in the process of investigating this, I discovered that documentation on BSD internals is severely underpublished. In contrast, I found an entire O'Reilly book on the Linux filesystem, complete with code samples. Regards g. n 14 Sep, Reifenberger Michael wrote: > Hi, > see /usr/ports/security/cfs. > > Bye/2 > ------ > Michael Reifenberger - IT, UNIX, R/3-Basis > Work: Michael.Reifenberger@plaut.de Proj: Michael.Reifenberger.gp@icn.siemens.de > Pers: Michael@Reifenberger.com Webspace: http://www.reifenberger.com > >> -----Urspr> üngliche Nachricht----- >> Von: Christoph Kukulies [SMTP:kuku@gilberto.physik.rwth-aachen.de] >> Gesendet am: Donnerstag, 14. September 2000 11:58 >> An: freebsd-fs@FreeBSD.ORG >> Betreff: crypto fs? >> >> >> Is there an implementation of the crypto filesystem for FreeBSD? >> >> Such that a disk that falls into hands of anyone not knowing >> the secret key cannot be decyphered in the duration of the universe? >> >> -- >> Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-fs" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-fs" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-fs" in the body of the message