Re: [PATCH 1/3] fscrypt: add support for inline-encryption-optimized policies
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: Christoph Hellwig <hch@xxxxxxxxxxxxx>
- Subject: Re: [PATCH 1/3] fscrypt: add support for inline-encryption-optimized policies
- From: Eric Biggers <ebiggers@xxxxxxxxxx>
- Date: Wed, 23 Oct 2019 19:44:59 -0700
- In-reply-to: <20191024012759.GA32358@infradead.org>
- Mail-followup-to: Christoph Hellwig <hch@xxxxxxxxxxxxx>, "Theodore Y. Ts'o" <tytso@xxxxxxx>, Satya Tangirala <satyat@xxxxxxxxxx>, Paul Lawrence <paullawrence@xxxxxxxxxx>, Dave Chinner <david@xxxxxxxxxxxxx>, linux-f2fs-devel@xxxxxxxxxxxxxxxxxxxxx, linux-fscrypt@xxxxxxxxxxxxxxx, linux-fsdevel@xxxxxxxxxxxxxxx, Jaegeuk Kim <jaegeuk@xxxxxxxxxx>, linux-ext4@xxxxxxxxxxxxxxx, Paul Crowley <paulcrowley@xxxxxxxxxx>
- References: <20191021230355.23136-1-ebiggers@kernel.org> <20191021230355.23136-2-ebiggers@kernel.org> <20191022052712.GA2083@dread.disaster.area> <20191022060004.GA333751@sol.localdomain> <20191022133001.GA23268@mit.edu> <20191023092718.GA23274@infradead.org> <20191023125701.GA2460@mit.edu> <20191024012759.GA32358@infradead.org>
- User-agent: Mutt/1.12.2 (2019-09-21)
On Wed, Oct 23, 2019 at 06:27:59PM -0700, Christoph Hellwig wrote:
> > If and when the vaporware shows up in real hardware, and assuming that
> > fscrypt is useful for this hardware, we can name it
> > "super_duper_fancy_inline_crypto". :-)
>
> I think you are entirely missing the point. The point is that naming
> the option someting related to inline encryption is fundamentally
> wrong. It is related to a limitation of existing inline crypto
> engines, not related to the fudamental model. And all the other
> rambling below don't matter either.
>
Would you be happy with something that more directly describes the change the
flag makes, like FSCRYPT_POLICY_FLAG_CONTENTS_IV_INO_LBLK_64? I.e., the IVs for
contents encryption are 64-bit and contain the inode and logical block numbers.
Actually, we could use the same key derivation and IV generation for directories
and symlinks too, which would result in just FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64.
(lblk is 0 when encrypting a filename.)
Although, in general it would be nice to name the settings in ways that are
easier for people not intimately familiar with the crypto to understand...
- Eric
[Index of Archives]
[linux Cryptography]
[Asterisk App Development]
[PJ SIP]
[Gnu Gatekeeper]
[IETF Sipping]
[Info Cyrus]
[ALSA User]
[Fedora Linux Users]
[Linux SCTP]
[DCCP]
[Gimp]
[Yosemite News]
[Deep Creek Hot Springs]
[Yosemite Campsites]
[ISDN Cause Codes]
