On Tue, Aug 22, 2017 at 10:22:30AM +0800, Anand Jain wrote: > > Hi Eric, > > How about a section on the threat model specific to the file-name ? > > (Sorry if I am missing something). > > Thanks, Anand It's already mentioned that filenames are encrypted: "fscrypt protects the confidentiality of file contents and filenames in the event of a single point-in-time permanent offline compromise of the block device content." There's not much more to it than that; all the other points in the "Threat model" section (offline manipulations, timing attacks, access control, key eviction, etc.) are essentially the same between contents and filenames encryption. Eric
