[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170419171633.GB89688@gmail.com>
Date: Wed, 19 Apr 2017 10:16:33 -0700
From: Eric Biggers <ebiggers3@...il.com>
To: Richard Weinberger <richard.weinberger@...il.com>
Cc: Gwendal Grignou <gwendal@...omium.org>, hashimoto@...omium.org,
Eric Biggers <ebiggers@...gle.com>,
linux-f2fs-devel@...ts.sourceforge.net,
linux-fscrypt@...r.kernel.org,
"linux-mtd@...ts.infradead.org" <linux-mtd@...ts.infradead.org>,
Theodore Ts'o <tytso@....edu>, linux-ext4@...r.kernel.org,
kinaba@...omium.org
Subject: Re: [PATCH] fscrypt: use 32 bytes of encrypted filename
On Wed, Apr 19, 2017 at 03:40:13PM +0200, Richard Weinberger wrote:
> > Strangely, f2fs and ubifs do not use the bytes from the filename at all when
> > trying to find a specific directory entry in this case. So this patch doesn't
> > really affect them. This seems unreliable; perhaps we should introduce a
> > function like "fscrypt_name_matches()" which all the filesystems could call?
> > Can any of the f2fs and ubifs developers explain why they don't look at any
> > bytes from the filename?
>
> Not sure if I understand you correctly, but for long filenames UBIFS
> does a lookup
> by hash/cookie, not by filename.
>
Well, like I said to Jaegeuk for F2FS, that's what the code does, but _why_?
Like F2FS, it's probably not the case that the hash is sufficient to reliably
identify a directory entry. Granted, UBIFS does it a lot better than F2FS since
UBIFS uses two 32-bit hashes rather than just one, but it seems the second hash
may be neither necessary nor sufficient to identify a specific directory entry,
and it should be looking at the bytes of ciphertext from the filename instead,
like what ext4 does. (Provided that is fixed to account for how CTS mode
encryption works.)
- Eric
Powered by blists - more mailing lists