Re: crypto and fsck guys.

Eric Brunet (ebrunet@clipper.ens.fr)
Mon, 18 Oct 1999 14:21:30 +0200 (MET DST)


In ens.rezo.mailing-lists.linux-kernel, you wrote:
>> I have just lost _ABSOLUELY_ everything
>> of importance to myself. The reason? put
>
>Actually to be brutal the reason is because you didnt make a backup.
>
A friend of mine tried once to make backups of an encrypted filesystem.
That looked easy: just put on a tape/zip/whatever the file containing the
encrypted filesystem. He found out however that that was not doable: each
block of data is encrypted using a seed which is the __absolute__ block
number of the underlying filesystem, where it should be the block number
__relative__ to the beginning of the file containing the encrypted
filesystem. The consequence is that if you try to restore a backup (or
simply if you try to copy the encrypted filesystem), you obtain something
which cannot be decrypted as the block numbers have changed since the
encryption.

My friend submitted a bug report to the maintainer, and was replied that
``the feature was known, but would not be corrected because it wwas
imported to support backward compatibility with already existing
filesystems.'' Sigh.

>fsck actually doesn't even know about encrypted data. The encrypt/decrypt
>happens below the level either it or the file system code sees. If you
>tried to fsck the crypted data not the uncrypted loopback I imagine
>e2fsck would think your fs was quite odd however.
>
It is indeed weird that e2fsck doesn't give up at once before writing
anything.

Éric Brunet

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/