Re: signing a filesystem

bofh@snoopy.virtual.net.au
Sat, 28 Dec 96 18:18:34 +1000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andrew E. Mileski: "Re: signing a filesystem"
Previous message: bofh@snoopy.virtual.net.au: "Re: signing a filesystem"
In reply to: Andrew E. Mileski: "Re: signing a filesystem"
Next in thread: Andrew E. Mileski: "Re: signing a filesystem"
Reply: Andrew E. Mileski: "Re: signing a filesystem"

>> > new-footprint = old-footprint ^ md5(old-block) ^ md5(new-block)
>>
>> This part is all good.

>I humbly suggest using the more advanced RIPEMD-160, which has been made
>public. It is tougher to fool, and produces a longer byte stream. Slower than
>MD5 of course (my P5-166 does RIPEMD-160 at about
>2 million bytes/sec).

What if we had some sort of security interface for the kernel? So a daemon
program could provide a security service to the kernel. The interface could
allow multiple daemons supporting different types of security. Then to mount a
secured filing system you would need to give the name of the encryption
algorithm to use and the password.

What do you think?

Russell Coker

Next message: Andrew E. Mileski: "Re: signing a filesystem"
Previous message: bofh@snoopy.virtual.net.au: "Re: signing a filesystem"
In reply to: Andrew E. Mileski: "Re: signing a filesystem"
Next in thread: Andrew E. Mileski: "Re: signing a filesystem"
Reply: Andrew E. Mileski: "Re: signing a filesystem"