lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 2 Feb 2021 13:12:21 -0800
From:   Eric Biggers <>
To:     Theodore Ts'o <>
Subject: Re: [ANNOUNCE] e2fsprogs v1.46.0

On Tue, Feb 02, 2021 at 12:32:07PM -0500, Theodore Ts'o wrote:
> E2fsprogs now supports the stable_inodes (COMPAT_STABLE_INODES) feature.
> This needed to support the siphash file system encryption algorithm,
> which calculates the initial vector (IV) for encryption based on the
> UUID and the inode number.  This means that we can't renumber inodes
> (for example, when shrinking a file system) and the UUID can't be
> changed without breaking the ability to decrypt the encryption.

Note that in the new encryption formats which stable_inodes allows, the
encryption algorithm is still AES-256-XTS, not SipHash.  (SipHash is a hash
function, not an encryption algorithm.)  It's the key derivation and IV
generation method that change.

> E2fsprogs now supports file systems which have both file system
> encryption and the casefold feature enabled.  This requires Linux
> version 5.10.

The kernel patches for encrypt + casefold on ext4 haven't been merged yet.  So
this combination actually won't be supported until Linux 5.12 at the earliest.

- Eric

Powered by blists - more mailing lists