Hi Eric,
> This is incorrect because for a file there is only one inode system-wide, not one inode per user (or per process). So everyone will either see the key in the inode or not.
Well, I didn't say inode per user. As I said, the inode has a key pointer, and if it's not for the file name then there is no requisite to check the key during directory lookup, which apparently seems to be the reason for the performance hit.
> There are actually several separate protections against such attacks. First, the encryption of both contents and filenames makes it more difficult (though not necessarily impossible) to identify target files.
Well, it's not done in the right way, as below.
> Not encrypting filenames would not be the end of the world, but it's a security enhancement which is nice to have. And I think you are blaming filenames encryption specifically for things which are actually more general concerns.
An identifiable dir/file name isn't the problem. The problem is that the policy on the directory is modifiable/removable by the attacker. Encrypting the file name for this purpose is just not convincing to me.

Thanks,
Anand