> > In any case, I guess that unless there are other ideas we can do these patches: > > 1.) f2fs patch to start checking the name, as above > 2.) patch to start encoding last 32 bytes of the name (or second-to-last CTS > block, I haven't decided yet) rather than last 16 bytes, changing > fs/crypto/, fs/ext4/, and fs/f2fs/ Using second-to-last CTS block is CTS-CBC specific. If we use another method to encode filename (I am thinking of HEH, http://www.mail-archive.com/linux-crypto@xxxxxxxxxxxxxxx/msg21826.html) that may not work anymore. We don't have to use the last 32 bytes: using for instance the last 24 should be good enough, the escape rate will be 1/2^64 instead 1/2^128. Gwendal. > 3.) cleanup patches to introduce helper function and switch ext4 and f2fs to it > > (1) and (2) will be backported. > > UBIFS can be changed to use the helper function later if needed. It's not as > important for it to be backported there since UBIFS does the "double hashing", > and UBIFS encryption was just added in 4.10 anyway. > > I can try to put together the full series when I have time. It probably would > make sense for it to go through the fscrypt tree, given the dependencies. > > Eric -- To unsubscribe from this list: send the line "unsubscribe linux-fscrypt" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
|