| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 24 Oct 2019 00:04:33 -0700
From: Christoph Hellwig <hch@...radead.org>
To: Christoph Hellwig <hch@...radead.org>,
"Theodore Y. Ts'o" <tytso@....edu>,
Satya Tangirala <satyat@...gle.com>,
Paul Lawrence <paullawrence@...gle.com>,
Dave Chinner <david@...morbit.com>,
linux-f2fs-devel@...ts.sourceforge.net,
linux-fscrypt@...r.kernel.org, linux-fsdevel@...r.kernel.org,
Jaegeuk Kim <jaegeuk@...nel.org>, linux-ext4@...r.kernel.org,
Paul Crowley <paulcrowley@...gle.com>
Subject: Re: [PATCH 1/3] fscrypt: add support for inline-encryption-optimized
policies
On Wed, Oct 23, 2019 at 07:44:59PM -0700, Eric Biggers wrote:
> Would you be happy with something that more directly describes the change the
> flag makes
Yes.
> , like FSCRYPT_POLICY_FLAG_CONTENTS_IV_INO_LBLK_64? I.e., the IVs for
> contents encryption are 64-bit and contain the inode and logical block numbers.
>
> Actually, we could use the same key derivation and IV generation for directories
> and symlinks too, which would result in just FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64.
> (lblk is 0 when encrypting a filename.)
I think not making it crazy verbose is a helpful, but at the same time
it should be somewhat descriptive.
> Although, in general it would be nice to name the settings in ways that are
> easier for people not intimately familiar with the crypto to understand...
For the andoid case the actual users won't ever really see it, and if
you set up the thing yourself it probably helps a lot to try to
understand what your are doing.
Powered by blists - more mailing lists