Re: 2.4 and cryptofs on raid1 - what will be cached and how many times

From: Vlad Harchev (hvv@hippo.ru)
Date: Tue Mar 04 2003 - 06:31:06 EST


On Tue, Mar 04, 2003 at 10:20:31AM +0100, Jörn Engel wrote:
> On Tue, 4 March 2003 13:30:20 +0400, Vlad Harchev wrote:
> >
> > Sorry for confusion - I meant loopback-based crypto filesystem - e.g. loop-aes
> > based (loop-aes.sourceforge.net) or CryptoAPI-based (www.kerneli.org) - both
> > are loopback-based filesystems (one has to call losetup(8) to point out cipher,
> > a password..)
>
> Loopback with encryption is not the same as a crypto filesystem.
> Loopback encryption works transparently with any (non-)crypto fs.

 Yes, you are right.
 
> A potential attacker can use this to look for the ext2 superblock,
> which gives him the same data both encrypted and unencrypted. A real
 
 I've got the impression that in the case of loopback with encryption the
superblock will also be encrypted.
 If one forgets known cleartext attacks, one can place the filesystem at
some offset.

> cryptofs would go through great pains to take such advantages away.
>

-- 
 Best regards,
  -Vlad