| Newsgroups | comp.os.linux.development.apps |
|---|---|
| Date | 2014-04-23 02:08 -0700 |
| References | <200661fa-3bff-4f63-8fa1-0b72a4bf38ed@googlegroups.com> <lioooj$8gi$1@dont-email.me> |
| Message-ID | <59d0a3f6-c59e-4778-affc-3d3881d72e37@googlegroups.com> |
| Subject | Re: TeaSafe: an experimental encrypted user-space filesystem |
| From | bhj.research@gmail.com |
Many thanks for your reply and sorry for my late response (vacation)

> > 1) Cryptography/security software is not an easy subject to tackle. Minor,
> > difficult-to-see issues can completely break security. You get points for
> > courage. ;)

Heh, cheers, I guess I see this as an explorative technical exercise. It's something I find interesting :-)

> > 2) Encrypting a single file containing a file system and all files inside
> > (like TrueCrypt) instead of one (or more) file per encrypted file (like
> > EncFS) has advantages but also has disadvantages. What was your rationale for
> > this choice?

TeaSafe's original aim was to make a 'better' zip file, but this was placed on a slight back burner as my interests changed. I guess the main disadvantage of EncFS -- as I understand it (I've never actually used it before) -- is that it exposes the filesystem content (albeit encrypted) -- you know the file structure, you can 'see' the file hierarchy and the sizes of files, etc. With single-container systems like TrueCrypt and TeaSafe, it is impossible to know the underlying file structure without decrypting the whole container. In my view, this provides a little more obscurity. Single-container systems also make it easier to incorporate hidden volumes. Granted, TeaSafe would be somewhat limited when it comes to integrating with cloud storage. EncFS is probably also a faster scheme (generally) due to less seek overhead.

> > 2.a) As norm, I use LUKS for full disk encryption and inside it I can
> > install whatever file system I want. This gives me a strong encryption with
> > whatever file system features or performance I choose. I can add a loop
> > device to the mix and get pretty much what one gets with TrueCrypt or
> > TeaSafe.

I've heard some good things about LUKS. Back in the day, I used dm-crypt. I guess it's similar (?).

> > 2.b) I also use EncFS for file level encryption, especially in combination
> > with cloud storage. This gives a somewhat trustworthy protection for cloud
> > storage.
> >
> > 3) Why use a custom file system instead of an existing one? This seems
> > unnecessary work and another source of possible issues.

I like tinkering and I wanted to see how hard it is to create a real filesystem and learn something about it in the process. Alas, it is rather slow (and probably quite buggy). I'll provide a high-level overview at some point down the line.

> > 4) XTEA has had some research that has shown it to be weaker than expected.
> > AES256 or twofish seem to be stronger, at least from publicly available
> > research.

I chose XTEA for its simplicity. But yes, I have also read about it being rather weak and actually crackable up to 64 rounds (?). Time permitting, I would like to investigate and possibly incorporate some other transformational ciphers.

> > 5) Instead of linking/requiring OpenSSL for only SHA256, I would just copy an
> > implementation of SHA256 (one that has a compatible license) and use it.

Ah that's a good idea! Thanks!

> > 6) doxygen comments. It really helps others when looking at the code.

:-)

> > 7) Your code is looking good (at least the part I saw) and you are off to a
> > good start.

Thanks! I really appreciate you having a look!

> > Well, that is it for a quick look.
> >
> > I'm already helping with a few other projects aside from actual paid work
> > so I already have my plate quite full. Still, I'll find some time to run
> > some tests and take a detailed look at some of the code.

That's fair enough. Looking forward to any and all feedback!

Cheers,
Ben.

> > Good luck with your project.
> >
> > Regards.
TeaSafe: an experimental encrypted user-space filesystem bhj.research@gmail.com - 2014-04-16 03:20 -0700
Re: TeaSafe: an experimental encrypted user-space filesystem bhj.research@gmail.com - 2014-04-16 03:21 -0700
Re: TeaSafe: an experimental encrypted user-space filesystem bhj.research@gmail.com - 2014-04-16 03:26 -0700
Re: TeaSafe: an experimental encrypted user-space filesystem Lusotec <nomail@nomail.not> - 2014-04-17 15:33 +0100
Re: TeaSafe: an experimental encrypted user-space filesystem bhj.research@gmail.com - 2014-04-23 02:08 -0700