Current status
Posted Oct 28, 2005 1:00 UTC (Fri) by mhalcrow (subscriber, #17371)
Parent article: Coming soon: eCryptfs
Mike Halcrow here. Over the last month, we have squashed several bugs and trimmed down the source to something that is more easily analyzable for inclusion into the Linux kernel. We have run FSX tests for 1 million iterations, can copy the entire Linux kernel, and have run the Basic Functional Connectathon tests on eCryptfs as of today. I just wrote up a patch today to provide derived initialization vectors rather than interspersed initialization vectors. Derived IVs significantly reduce the read/write overhead incurred and slightly reduce storage requirements, but the tradeoffs are (a) possibly less security if an attacker happens to have access to each intermediate iteration of the encrypted file and (b) no sparse regions in the encrypted files (which is not necessarily a bad thing) -- unless I change the file format again to provide sparse region scatterlists, but that sort of thing will have to wait for a future release. As soon as I get the changes reviewed by my team, I will commit them, and eCryptfs will handle both formats. Policy will select which one is used in later versions.
We have one reproducible error at the moment with certain gcc jobs that involve ecryptfs_lookup() -- there seems to be some in-kernel memory corruption. We're in the process of tracking that one down, and then (hopefully with no more bugs) we should be set for a release as an experimental filesystem in the kernel. Any FS gurus out there who are willing to jump in and help at this point are certainly welcome:
cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ecryptfs login
cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ecryptfs co -P -r v0_1 ecryptfs
Thanks,
Mike