
Re: New release of CFS Unix encrypting file system available



In article <[email protected]>
Scott Brickner <[email protected]> wrote:
>Matt Blaze writes:
>>CFS pushes encryption services into the Unix(tm) file system.  It
>>supports secure storage at the system level through a standard Unix
>>file system interface to encrypted files.  Users associate a
>>cryptographic key with the directories they wish to protect.  Files in
>>these directories (as well as their pathname components) are
>>transparently encrypted and decrypted with the specified key without
>>further user intervention; cleartext is never stored on a disk or sent
>>to a remote file server.  CFS employs a novel combination of DES
>>stream and codebook cipher modes to provide high security with good
>>performance on a modern workstation.  CFS can use any available file
>>system for its underlying storage without modification, including
>>remote file servers such as NFS.  System management functions, such as
>>file backup, work in a normal manner and without knowledge of the key.
>
>What happens to hard links?
>
>mkdir foo bar
>CFS_set_directory_key -directory ./foo -key foo-key
>CFS_set_directory_key -directory ./bar -key bar-key
>cp /etc/passwd ./foo/footest
>ln ./foo/footest ./bar/bartest
>cmp ./foo/footest ./bar/bartest

This is a serious flaw. The emperor has no clothes. People should
sue AT&T for this shit.