linux-kernel.vger.kernel.org archive mirror
* partially encrypted filesystem
@ 2003-12-03 21:07 Kallol Biswas
  2003-12-03 21:44 ` Richard B. Johnson
                   ` (3 more replies)
  0 siblings, 4 replies; 51+ messages in thread
From: Kallol Biswas @ 2003-12-03 21:07 UTC
  To: linux-kernel, linux-fsdevel


Hello,
      We have a requirement that a filesystem has to support
encryption based on some policy. The filesystem also should be able
to store data in non-encrypted form. A search on the web shows a few
encrypted filesystems like "Crypto" from Suse Linux, but we need a
system where encryption will be a choice per file. We have a hardware
controller to apply the encryption algorithm. If a filesystem provides hooks
to use a hardware controller to do the encryption work then the cpu can
be freed from doing the extra work.

Any comment on this?

Kallol
NucleoDyne Systems.
nucleon@nucleodyne.com
408-718-8164



* Re: partially encrypted filesystem
@ 2003-12-06 19:56 Pat LaVarre
  2003-12-06 22:07 ` Maciej Zenczykowski
  0 siblings, 1 reply; 51+ messages in thread
From: Pat LaVarre @ 2003-12-06 19:56 UTC
  To: maze, valdis.kletnieks
  Cc: linux-fsdevel, linux-kernel, willy, ezk, joern, phillip, kbiswas

 > > Suppose we wish to encrypt the files on a
 > > disc or disk or drive that we carry from one
 > > computer to another.
 > >
 > > Where else can the encryption go, if not
 > > "down to the file system"?
 >
 > From: ...maze...
 > ... sparse feature... of the filesystem ...
 > ways for which it likely wasn't designed,
 > thus ... likely ... problems ... slowdowns ...
 > sparse .... seldom used ... mostly ... static ...
 > later write access ... better or worse .... fragmentations ...
 > may ... required ... significant ... making ... work _well_

Agreed.

 > some other method ....
 > less likely to cause massive disk fragmentation.

Such as?

 > From: ...valdis...
 > ... Other ... theoretically ... if not totally workable.

Aye personally I focus on workable application of theory.

 > above ... a la PGP ...

Aye I see "compressed folders" arriving on desktops, and I see 
commercial encryption using that same approach.

 > below ... a la encrypted loopback ....

I'm guessing encryption raises many/all the same issues as compression.

Frustratingly, I find I can't quite lay hold of why people haven't more
widely adopted compression/encryption in random-access storage.

Personally I mostly ignored storage until 1994, then I dug in, then I 
felt most shocked to discover nothing like modem compression deployed, 
not even compression for each concentric track of an HDD.  Conceptually 
I like e.g. Usenix talk re garbage-collected log-structured 
filesystems, but nobody's made those real, I'm not yet clear why.

I want compression to trade away time for space, to mess with the 
phenomenon of people living all life at 95% of quota, and to contradict 
the theory that no fs works well when more than 50% full.

Pat LaVarre

P.S. Maybe my second deepest culture shock was finding max bytes/cdb 
choked off near zero e.g. 64 KiB in many places, 128 KiB now rumoured 
for parts of lk 2.6.  I'm not sure how often quantitative measurements 
of algorithms wrongly show no improvement because swamped by that limit.


* Re: partially encrypted filesystem
@ 2003-12-10  3:22 Valient Gough
  0 siblings, 0 replies; 51+ messages in thread
From: Valient Gough @ 2003-12-10  3:22 UTC
  To: linux-kernel


This is slightly off topic, as it isn't a kernel implementation.  But in
regards to encryption options above the filesystem, there are user-space
tools for doing this.

For example (ahem, shamelessly plugging my own work)
pobox.com/~vgough/encfs.html - an encrypted filesystem in user-space
which uses the Linux kernel module FUSE (sf.net/projects/avf) to export
a filesystem interface to userland.  As a side note, FUSE also has
python, perl, and Java bindings for your programming pleasure.  

EncFS acts as a pass-thru layer to an existing filesystem, so it does
not require allocating space ahead of time.  But it does not do what the
original email asked, of encrypting on a file by file basis.  It is more
like a reimplementation of CFS, but without NFS being involved.  What
was asked for sounds more like TCFS (for 2.0.x and 2.2.x kernels).

regards,
Valient
vgough@pobox.com




Thread overview: 51+ messages
2003-12-03 21:07 partially encrypted filesystem Kallol Biswas
2003-12-03 21:44 ` Richard B. Johnson
2003-12-03 23:20   ` bill davidsen
2003-12-03 21:44 ` Jörn Engel
2003-12-04  0:08   ` Linus Torvalds
2003-12-04  1:25     ` Jeff Garzik
2003-12-04  2:08       ` Linus Torvalds
2003-12-04  3:59       ` H. Peter Anvin
2003-12-04  2:37     ` Charles Manning
2003-12-04 14:17     ` Jörn Engel
2003-12-04 15:20       ` Linus Torvalds
2003-12-04 16:07         ` Phillip Lougher
2003-12-04 17:26         ` Jörn Engel
2003-12-04 18:20           ` Phillip Lougher
2003-12-04 18:40             ` Jörn Engel
2003-12-04 19:41             ` Erez Zadok
2003-12-05 11:20               ` Jörn Engel
2003-12-05 16:16                 ` Erez Zadok
2003-12-05 19:14                   ` Matthew Wilcox
2003-12-05 19:47                     ` Erez Zadok
2003-12-05 20:28                       ` Matthew Wilcox
2003-12-05 21:38                         ` Pat LaVarre
2003-12-06  0:15                         ` Maciej Zenczykowski
2003-12-06  1:35                           ` Pat LaVarre
2003-12-06  2:39                             ` Valdis.Kletnieks
2003-12-06 11:43                             ` Maciej Zenczykowski
2003-12-07  0:04                               ` Shaya Potter
2003-12-08 14:08                               ` Jörn Engel
2003-12-06  0:50                         ` Phillip Lougher
2003-12-08 11:37                           ` David Woodhouse
2003-12-08 13:44                             ` phillip
2003-12-08 14:07                               ` David Woodhouse
2003-12-10  1:16                               ` [OT?]Re: " Charles Manning
2003-12-10 17:45                                 ` Phillip Lougher
2003-12-09 23:40                             ` Pat LaVarre
2003-12-10  0:07                             ` Pavel Machek
2003-12-10  1:28                               ` Pat LaVarre
2003-12-10  2:13                               ` Charles Manning
2003-12-05 19:58                     ` Pat LaVarre
2003-12-08 11:28             ` David Woodhouse
2003-12-08 13:49               ` phillip
2003-12-04 19:18           ` David Wagner
2003-12-05 13:02             ` Jörn Engel
2003-12-05 17:28               ` Frank v Waveren
2003-12-05 23:59               ` David Wagner
2003-12-19 15:01     ` Rik van Riel
2003-12-04  3:10 ` Valdis.Kletnieks
2003-12-04 18:16 ` Hans Reiser
2003-12-06 19:56 Pat LaVarre
2003-12-06 22:07 ` Maciej Zenczykowski
2003-12-10  3:22 Valient Gough
