[170] in The Cryptographic File System users list
Re: cfs and list status
daemon@ATHENA.MIT.EDU (Bill Dorsey)
Tue Mar 14 15:21:22 2000
From: "Bill Dorsey" <dorsey@lila.com>
To: <cfs-users@research.att.com>
Cc: "Holger Benl" <holger.benl@stud.uni-muenchen.de>
Subject: Re: cfs and list status
Date: Tue, 14 Mar 2000 12:19:21 -0800
Hi,
Holger Benl wrote:
> Bill Dorsey wrote:
> > Check out tcfs (Transparent Cryptographic File System) at
> > http://tcfs.dia.unisa.it .....
> > If you are running some
> > other flavor of Unix, you'll have to stick with CFS for now.
>
> Furthermore, TCFS is available for Linux 2.0.x kernels only.
> There are other alternatives as well... for example, you can encrypt
> loopback devices with the international linux kernel patch available
> at www.kerneli.org (I haven't tried it, though, since I'm perfectly
> happy with CFS).

I have been playing with TCFS under NetBSD as I am not a Linux
fan. It's not quite feature-complete at this point, but it shows a lot of
promise. Frankly, I would prefer to run CFS on all of my boxes as
I run both Solaris and NetBSD at present. Unfortunately, CFS
performance is painfully slow for me, in no small part because it is
not multi-threaded. Hopefully this will be something Matt addresses
in the 2.0 release.

I have no idea (because of the lack of source code) whether or not
Microsoft's implementation of EFS (encrypting filesystem) is
cryptographically sound or not (from their description of the filesystem, it
sounds good, but they may have screwed up the implementation).
However, I will say this: its implementation is so transparent to the
user that in most cases you cannot tell whether or not you are working
in an encrypted folder or not (the encryption key is derived from your
logon information and the performance hit is small enough to not be
noticeable most of the time). Other than the lack of published source
code, I think it serves as an example of a well-implemented encrypting
filesystem -- too bad it only runs under Windoze 2000.

Given that the RSA patent expires in a few months, it may be worth
considering the use of public-key cryptography in the implementation
of CFS 2.0 as it eases a number of implementation barriers such as
the sharing of files among a number of users.

I look forward to the release of CFS 2.0. Currently, there are no
encrypted filesystems out there that are portable, fast, and capable
of supporting multiple processes/clients. Hopefully this will change
soon.

- Bill Dorsey