Date:      Thu, 3 Jul 1997 14:12:20 +0200
From:      lada@ws6303.gud.siemens.at (marino.ladavac@siemens.at)
To:        freebsd-hackers@FreeBSD.ORG, abial@korin.warman.org.pl
Subject:   Re: Crypto (MD5,DES) filesystem
Message-ID:  <199707031212.OAA18858@ws6423.gud.siemens.at>

> From owner-freebsd-hackers@FreeBSD.ORG Thu Jul  3 13:08:44 MET 1997
> Date: Thu, 3 Jul 1997 12:59:06 +0200 (MET DST)
> From: Andrzej Bialecki <abial@korin.warman.org.pl>
> To: freebsd-hackers@FreeBSD.ORG
> Subject: Crypto (MD5,DES) filesystem
> Mime-Version: 1.0
> X-Loop: FreeBSD.org
> 
> 
> Hi!
> 
> I'm looking for an implementation of crypto filesystem for FreeBSD.
> Perhaps it doesn't exist at all (yet).

Not that I know of.  Crypto filesystems that are not worse than useless
are not easy.
> 
> I'm ignorant of filesystem intrinsics, so don't laugh, but here's my idea
> of how it could be done:
> 
> * take the nullfs and modify it, so that on every write it XORs the
> md5-hashed password with the actual block contents. On every read it does
> the reverse. In other words, slide encryption in between the vnode and
> nullfs layers.

Hopefully not.  You really should use an encryption method that needs more
than a couple of seconds to break it.

Otherwise, the layering sounds logical.

> 
> * modify the mount_null (let's call it mount_crypto) to get a password
> from user.
> 
> Then user could issue the following command (as it is not required to be
> superuser to do such mounts):
> 
> mount_crypto -e md5 /home/user/plaintext/locked /home/user/unlocked
> 

And then everyone who has read access to the mounted files gets to see
them as plaintext.  Anyone who happens to be root gets all of the contents
for free.

This is worse than useless because it conveys a false feeling of security
unless you consider the implications (then it becomes just plain useless:)

> and every file in directory 'locked' would be encrypted/decrypted on the
> fly. The most important being the contents of the disk blocks are always
> encrypted (no need to write decrypted blocks anywhere).

But just as bad, if not worse.
> 
> Now, be kind, but what do you think of it?

It does not seem very workable, wouldn't you agree :(  Sorry, I don't have
any better ideas at this time, but please reconsider the semantics of the
unix filesystem and access rights.

cryptofs seems a fine idea, but it actually relies on the security offered
by the access rights and the superuser's goodwill--you cannot count on either :(

/Marino
> 
> Sincerely yours,
> 
> ---
> Andrzej Bialecki                  FreeBSD: Turning PCs Into Workstations
> <abial@warman.org.pl>             http://www.freebsd.org
> Research and Academic Network in Poland
> 
> 
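Marino's remark that the proposed cipher "needs more than a couple of seconds to break" can be made concrete. The Python below is an added example for this archive page, not code from the thread, from Andrzej's proposal or from FreeBSD. It implements the scheme exactly as described (the MD5 digest of the password, repeated, XORed over every block) and then recovers the key without the password in two independent ways: from a single zero-filled block such as a hole in a sparse file, and from nothing more than byte statistics of encrypted text. The block size, the sample text, the hole and the password are constructed for the demonstration.

```python
"""Added demonstration of why "XOR each block with md5(password)" is a
many-time pad.  Not code from the thread or from FreeBSD; block size,
sample text and password below are constructed for the demo."""
import hashlib
from collections import Counter

BLOCK = 512      # constructed block size; any multiple of 16 behaves the same
KEY_LEN = 16     # an MD5 digest is 16 bytes, so the keystream repeats every 16 bytes


def key_from_password(password: str) -> bytes:
    """The proposed scheme: the MD5 digest of the password is the entire keystream."""
    return hashlib.md5(password.encode()).digest()


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR data with the key repeated; the same operation encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encrypt_blocks(blocks, key):
    """What the proposed layer would hand to the lower vnode for each block."""
    return [xor_with_key(b, key) for b in blocks]


def key_from_known_plaintext(cipher_block: bytes, plain_block: bytes) -> bytes:
    """Any 16 bytes of known plaintext (a zero-filled hole, a known file
    header) XORed with the matching ciphertext give back the whole key."""
    return bytes(c ^ p for c, p in zip(cipher_block[:KEY_LEN], plain_block[:KEY_LEN]))


def key_from_text_statistics(cipher_blocks, most_common_plain=0x20) -> bytes:
    """No crib at all: because the keystream repeats every 16 bytes, each of
    the 16 key positions is a single-byte XOR over a large sample.  For text
    the most frequent plaintext byte at every position is the space (0x20),
    so the most frequent ciphertext byte XOR 0x20 is the key byte."""
    counts = [Counter() for _ in range(KEY_LEN)]
    pos = 0
    for blk in cipher_blocks:
        for c in blk:
            counts[pos % KEY_LEN][c] += 1
            pos += 1
    return bytes(counts[k].most_common(1)[0][0] ^ most_common_plain
                 for k in range(KEY_LEN))


# Constructed sample "disk": four blocks of English-like text followed by a
# zero-filled block, as left by a hole in a sparse file.  The sentence is 59
# bytes, coprime with 16, so every key position sees every character.
SENTENCE = b"the quick brown fox jumps over the lazy dog and back again "
TEXT = (SENTENCE * 40)[:4 * BLOCK]
HOLE = bytes(BLOCK)
PLAIN_BLOCKS = [TEXT[i:i + BLOCK] for i in range(0, len(TEXT), BLOCK)] + [HOLE]


def break_cryptofs(password: str = "correct horse"):
    """Encrypt the sample disk, then recover the key two ways without the
    password.  Returns (crib attack worked, statistics attack worked,
    every block decrypted)."""
    key = key_from_password(password)
    on_disk = encrypt_blocks(PLAIN_BLOCKS, key)

    # Attack 1: one block of known plaintext (the hole) reveals the key.
    crib_key = key_from_known_plaintext(on_disk[-1], HOLE)

    # Attack 2: byte statistics over the text blocks alone reveal the key.
    stats_key = key_from_text_statistics(on_disk[:-1])

    # With the key, the whole "encrypted" filesystem reads as plaintext.
    recovered = b"".join(xor_with_key(b, crib_key) for b in on_disk)
    return crib_key == key, stats_key == key, recovered == b"".join(PLAIN_BLOCKS)


if __name__ == "__main__":
    print(break_cryptofs())
```

Both attacks succeed for any password, because the password's strength never enters into it: a 16-byte keystream reused over the whole disk is a many-time pad, and every block is XORed with the same 16 bytes at the same offsets. This is why the claim that "the disk blocks are always encrypted" gives no protection here; the blocks are transformed, but anyone who can read them can undo the transformation in seconds. It is also a separate problem from the one Marino raises about access rights and root, which no choice of cipher addresses.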
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707031212.OAA18858>