ecryptfs leaks a lot of data like filenames, sizes, modifiaction times, etc. These can be critical. For example, sometimes file-sizes are misused as "fingerprints". I would say definitely backwards security-wise, for possibly some better usability. Arno On Tue, Dec 30, 2014 at 19:18:38 CET, msalists@xxxxxxx wrote: > They are reluctant to give out any details, but are saying that they > will be releasing a new version of their software in the coming > weeks that uses ecryptfs instead. > Is this a step forward or backward (or rather just "sideways")? > > Mark > > On 2014-12-30 02:04, Arno Wagner wrote: > >On Tue, Dec 30, 2014 at 03:32:58 CET, msalists@xxxxxxx wrote: > >>On 2014-12-29 11:29, Quentin Lefebvre wrote: > >>>On 29/12/2014 20:06, msalists@xxxxxxx wrote : > >>>>Assuming I did create the container with aes-cbc-essiv:sha256; would > >>>>cryptsetup automatically figure out the correct parameters when it is > >>>>subsequently called without those parameters to mount the container? > >>>>Or do non-default parameters at creation time require the same > >>>>non-default parameters again for subsequent mounts? > >>>As you may have understood, in plain mode, there is no header, so > >>>no way for cryptsetup to guess the algorithm used. Thus, if it is > >>>a non-default one, it must be specified also at mount time. > >>> > >>Hm, makes sense. Is there some kind of a config file that I could > >>specify the parameters in, and that would be read prior to using the > >>defaults - similar to how some parameters for mount can be specified > >>in /etc/fstab ? > >Only if the NAS-makers added one. cryptsetup does not have > >a mechanism for this. > > > >Arno > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
