xfs
[Top] [All Lists]

Re: encryption

Subject: Re: encryption
From: "D. Stimits" <stimits@xxxxxxxxxx>
Date: Thu, 05 Jul 2001 13:05:56 -0600
Cc: "'linux-xfs@xxxxxxxxxxx'" <linux-xfs@xxxxxxxxxxx>
References: <47CB5BFBF511D411A3AC00508BC8636B267BD3@DEBITECH11> <0107051747210G.30268@asterix> <20010705175612.A27494@xxxxxxxxxxxxxxxxx>
Reply-to: stimits@xxxxxxxxxx
Sender: owner-linux-xfs@xxxxxxxxxxx
Krzysztof Rusocki wrote:
> 
> Hi Steve,
> 
> you may also take a look at Loopback-Encrypted-Filesystem-HOWTO on 
> www.linuxdoc.org ,
> you'll need to patch your kernel with encryption patch (available on
> ftp.kernel.org afaik)..  However i do not know how is it going to interact
> with XFS - opinion of someone who did try to patch XFS tree with crypto
> patch would really be needed here...

There is already XOR based loopback support in the kernel, but the
international crypto patches have some technical problems, they are
pretty much considered "bad code" on the kernel dev list. Two problems
they cite quite often is that the international crypto fails to be
written for reentrancy in a reentrant portion of the kernel, as well as
a hard coded requirement of a single block size (permanent assumption).
Another minor complaint there is that the code should be user space and
not a kernel patch. But in the end, you can bet the international crypto
patch will never make it into the kernel as it is now.

D. Stimits, stimits@xxxxxxxxxx

> 
> Cheers,
> Krzysztof
> 
> On Thu, Jul 05, 2001 at 05:47:21PM +0200, Christian Widmer wrote:
> > the idea is not new (exept using xfs maybe). the new suse7.2 distribution
> > has support for encryted file system. and it looks like it does't matter 
> > what
> > filesystem you use. there is a description on their german homepage, un-
> > fortunately in germen. it uses the loop device to add an additional layer.
> >
> > setup a encryted device:
> >  $modprobe loop_fish2
> >  $losetup -e twofish /dev/loop0 /dev/hda3
> >  $mkdir /topsecret
> >  $mkreiserfs /dev/loop0
> >  $mount -t reiserfs /dev/loop0 /topsecret
> >
> > //chris
> >
> > On Thursday 05 July 2001 17:18, you wrote:
> > > i am interested in encrypted filesystems and was wondering if xfs would be
> > > good to encrypt...
> > >
> > > my thoughts was to intercept the reading/writing of inodes from/to disk 
> > > and
> > > doing the en-decryption there...
> > >
> > > the passphrase for the encryption would be entered during the mounting of
> > > the filesystem (and deleted from memory during the unmount!)...
> > >
> > > so my questions...
> > >
> > > is there a technical reason why xfs is unsuitable for this???
> > >
> > > has anybody thought about this before???
> > >
> > > i have found a method called 'xfs_iflush_int' does all writing to the hard
> > > disk go through here, or are there many places in the code that would need
> > > to be modified for decrypting/encrypting???
> > >
> > > is this a stupid idea??? :)
> > >
> > > steve...
> > >
> > > ps i hope this is the right place to send this message...
> > > pps is there anybody else interesed???
> >
> > --
> > christian widmer
> > zurlindenstrasse 294, 8003 zurich, switzerland
> > email:  cwidmer@xxxxxxxxxxxx
> > phone: ++41 (0)1 491 03 68

<Prev in Thread] Current Thread [Next in Thread>