Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption

[PATCH] fscrypt: add a documentation file for filesystem-level encryption · Eric Biggers <hidden> · 2017-08-18
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Andreas Dilger <hidden> · 2017-08-18
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Theodore Ts'o <tytso@mit.edu> · 2017-08-20
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Eric Biggers <hidden> · 2017-08-21
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Anand Jain <hidden> · 2017-08-21
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Theodore Ts'o <tytso@mit.edu> · 2017-08-21
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Eric Biggers <hidden> · 2017-08-21
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Anand Jain <hidden> · 2017-08-22
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Eric Biggers <hidden> · 2017-08-22
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Anand Jain <hidden> · 2017-08-22
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Eric Biggers <hidden> · 2017-08-22
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Anand Jain <hidden> · 2017-08-28
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Eric Biggers <hidden> · 2017-08-31
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Theodore Ts'o <tytso@mit.edu> · 2017-08-22
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Anand Jain <hidden> · 2017-08-22
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Eric Biggers <hidden> · 2017-08-22
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Anand Jain <hidden> · 2017-08-22
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Eric Biggers <hidden> · 2017-08-22
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Anand Jain <hidden> · 2017-08-28
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Theodore Ts'o <tytso@mit.edu> · 2017-08-28
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Anand Jain <hidden> · 2017-08-29
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Eric Biggers <hidden> · 2017-08-31
Re: [PATCH] fscrypt: add a documentation file for filesystem-level encryption · Eric Biggers <hidden> · 2017-08-31

From: Eric Biggers <hidden>
Date: 2017-08-22 02:55:49
Also in: linux-fscrypt, linux-fsdevel

On Tue, Aug 22, 2017 at 10:22:30AM +0800, Anand Jain wrote:

Hi Eric,

  How about a section on the threat model specific to the file-name ?

  (Sorry if I am missing something).

Thanks, Anand

It's already mentioned that filenames are encrypted: "fscrypt protects the
confidentiality of file contents and filenames in the event of a single
point-in-time permanent offline compromise of the block device content."
There's not much more to it than that; all the other points in the "Threat
model" section (offline manipulations, timing attacks, access control, key
eviction, etc.) are essentially the same between contents and filenames
encryption.

Eric

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help