From: Erik Mouw <J.A.K.Mouw@its.tudelft.nl>
To: David Woodhouse <dwmw2@infradead.org>
Cc: Rajaram Suresh Gaunker <rajarams1@rediffmail.com>,
linux-fsdevel@vger.kernel.org, kernelnewbies@nl.linux.org
Subject: Re: Hi
Date: Wed, 19 Feb 2003 17:49:26 +0100 [thread overview]
Message-ID: <20030219164926.GE2516@arthur.ubicom.tudelft.nl> (raw)
In-Reply-To: <1045669453.19863.35.camel@passion.cambridge.redhat.com>
[-- Attachment #1: Type: text/plain, Size: 1417 bytes --]
On Wed, Feb 19, 2003 at 03:44:14PM +0000, David Woodhouse wrote:
> On Wed, 2003-02-19 at 15:35, Erik Mouw wrote:
> > File level encryption gives an attacker information about the files on
> > your system.
> >
> > Suppose I can get hold of your disk and I want to know if you are
> > subscribed to linux-kernel. I just mount the disk, and if I find a file
> > called "dwmw2/Mail/linux-kernel", it gives me a large hint you are
> > indeed subscribed. No, I can't decrypt the file, but that wasn't my
> > purpose. I do however know the file metadata, like the filename, the
> > owner, modification time, length, etc.
>
> Not if the metadata were encrypted too.
But I still can see where the metadata lives on the disk, which gives
me a hint what kind of filesystem you are using. The more information,
the easier the attack.
> You speak only of block-level encryption and of file-level (i.e.
> application-based) encryption. But don't forget that there's a layer
> _between_ the applications and the block device. :)
>
> My question was what's wrong with doing encryption in the file system?
If you want to encrypt files, you have to do it right. Any information
can lead to a possible compromise of the system, so the best is to hide
everything, which can only be done by block level encryption.
Erik
--
J.A.K. (Erik) Mouw
Email: J.A.K.Mouw@its.tudelft.nl mouw@nl.linux.org
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2003-02-19 16:49 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-02-18 15:04 Hi Rajaram Suresh Gaunker
2003-02-18 16:34 ` Hi Erik Mouw
2003-02-18 23:07 ` Hi David Woodhouse
2003-02-19 14:54 ` Hi Juan Quintela
2003-02-19 15:22 ` Hi David Woodhouse
2003-02-19 15:37 ` Hi Juan Quintela
2003-02-19 15:40 ` Hi Erik Mouw
2003-02-19 16:09 ` Hi Juan Quintela
2003-02-19 15:35 ` Hi Erik Mouw
2003-02-19 15:44 ` Hi David Woodhouse
2003-02-19 16:49 ` Erik Mouw [this message]
2003-02-19 17:00 ` Hi Jan Harkes
2003-02-18 18:55 ` Hi Bryan Henderson
-- strict thread matches above, loose matches on Subject: below --
2022-06-15 21:59 Hi Emerald Johansson
2018-12-19 20:08 HI Mrs Suzara Maling Wan
2015-10-20 1:45 Hi Judith Guest
2015-06-14 2:09 Hi Patricia Horoho
2013-12-21 8:18 Hi 906sl5glxg
2013-07-12 8:21 hi voady4cool
2013-01-03 17:04 hi keketa vieira
2011-10-28 11:10 Hi lisa hedstrand
2011-09-23 13:16 hi Mrs. Xue Chong
2010-11-06 8:24 hi Gabriel kante
2010-06-14 20:34 HI Dora Saki
2006-02-23 15:26 hi Edmund P. Hilton, V
2006-02-18 4:57 hi Bobbie M. Hancock
2002-09-15 23:57 hi Bety Lora
2002-09-08 5:10 hi Matthew Stapleton
2002-09-08 11:39 ` hi Matti Aarnio
2002-09-07 20:30 hi Angel GrefurT
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030219164926.GE2516@arthur.ubicom.tudelft.nl \
--to=j.a.k.mouw@its.tudelft.nl \
--cc=dwmw2@infradead.org \
--cc=kernelnewbies@nl.linux.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=rajarams1@rediffmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).