[194] in The Cryptographic File System users list
cfs and alternatives (was are there many active...)
daemon@ATHENA.MIT.EDU (Brian Edmonds)
Sun Jun 25 14:01:08 2000
To: cfs-users@research.att.com
Subject: cfs and alternatives (was are there many active...)
References: <m3wvklxpxu.fsf@yuri.gweep.bc.ca> <392AC5DA.A95976FB@mypad.com>
From: Brian Edmonds <brian@gweep.bc.ca>
Date: 25 Jun 2000 10:00:21 -0700
In-Reply-To: gg&ht forever's message of "Tue, 23 May 2000 11:54:34 -0600"
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

gg&ht forever <lighthouse@mypad.com> writes:

> Regarding TCFS...conceptually this is a great idea and it is certainly
> much faster than CFS, but here are my complaints:

I'm going to keep following CFS development, since I think it's quite
cool, but I've switched to using an encrypted loopback filesystem on the
raw partition. It's not quite as flexible as CFS, but as this is a
single user system (my laptop), it's not a big deal, and it's a *lot*
more transparent -- just mount at boot time and everything on the entire
fs is encrypted.

> 1. It seems to *always* be behind wrt current kernel versions. I'm sure
> it's hard to keep up, but from a user perspective, it's a problem.

The encrypted loopback fs requires the international crypto patches for
the Linux kernel (www.kerneli.org), which have been tracking the 2.2
series really closely.

> 2. Password protection is *very* weak. Default is to use the Linux
> password for the user utilizing TCFS. Changing passwords is
> cumbersome.

With loopback you enter the password at the time you attach the physical
device to the loopback interface. You can't change it without dumping
and restoring the whole fs, but you can use any passphrase you like. On
the downside this pretty much has to be done as root, while any user can
use CFS once it's installed.

> 3. You have to supply your own encryption module if you don't like
> triple DES. At least CFS has implemented Blowfish.

The international crypto patches supply a number of different crypto
systems. Currently I'm using serpent, which was recommended by the
docs, though I've not really checked it out carefully. My security
requirements are very modest at this time.

Brian.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.5 and Gnu Privacy Guard <http://www.gnupg.org/>
iD8DBQE5VjqhcCEFQUX5+OwRAlKPAJ9XI/H/jvRLP2+QRrm57sVLouGwgQCfXI0x
yEtJpCIOVGJ0C41FgzRN1h4=
=UOtT
-----END PGP SIGNATURE-----