| From | Lusotec <nomail@nomail.not> |
|---|---|
| Newsgroups | comp.os.linux.development.apps |
| Subject | Re: TeaSafe: an experimental encrypted user-space filesystem |
| Followup-To | comp.os.linux.development.apps |
| Date | 2014-04-17 15:33 +0100 |
| Organization | A noiseless patient Spider |
| Message-ID | <lioooj$8gi$1@dont-email.me> |
| References | <200661fa-3bff-4f63-8fa1-0b72a4bf38ed@googlegroups.com> |
Followups directed to: comp.os.linux.development.apps
bhj.research@gmail.com wrote:

> I would like to garner some interest and possible collaboration in
> TeaSafe, an encrypted fuse filesystem I've been developing. It can be
> considered as an alternative to TrueCrypt and EncFS etc. although I can't
> promise how secure it is.
>
> I need testers, code reviewers, collaborators and people who might be
> interested in coding up a UI.
>
> Would welcome any kind of feedback, generally.
>
> For anyone who is interested, I've set up a new google group here:
> https://groups.google.com/forum/#!forum/teasafe
>
> Sorry for the spam.

Here are some thoughts/questions from the quick look I've had at the GitHub repo, in no particular order.

1) Cryptography/security software is not an easy subject to tackle. Minor, difficult-to-see issues can completely break security. You get points for courage. ;)

2) Encrypting a single file containing a file system and all files inside (like TrueCrypt) instead of one (or more) file per encrypted file (like EncFS) has advantages but also has disadvantages. What was your rationale for this choice?

2.a) As a norm, I use LUKS for full disk encryption and inside it I can install whatever file system I want. This gives me strong encryption with whatever file system features or performance I choose. I can add a loop device to the mix and get pretty much what one gets with TrueCrypt or TeaSafe.

2.b) I also use EncFS for file level encryption, especially in combination with cloud storage. This gives a somewhat trustworthy protection for cloud storage.

3) Why use a custom file system instead of an existing one? This seems unnecessary work and another source of possible issues.

4) XTEA has had some research that has shown it to be weaker than expected. AES256 or Twofish seem to be stronger, at least from publicly available research.

5) Instead of linking/requiring OpenSSL for only SHA256, I would just copy an implementation of SHA256 (one that has a compatible license) and use it.

6) doxygen comments. It really helps others when looking at the code.

7) Your code is looking good (at least the part I saw) and you are off to a good start.

Well, that is it for a quick look. I'm already helping with a few other projects aside from actual paid work so I already have my plate quite full. Still, I'll find some time to run some tests and take a detailed look at some of the code.

Good luck with your project.

Regards.
TeaSafe: an experimental encrypted user-space filesystem bhj.research@gmail.com - 2014-04-16 03:20 -0700
Re: TeaSafe: an experimental encrypted user-space filesystem bhj.research@gmail.com - 2014-04-16 03:21 -0700
Re: TeaSafe: an experimental encrypted user-space filesystem bhj.research@gmail.com - 2014-04-16 03:26 -0700
Re: TeaSafe: an experimental encrypted user-space filesystem Lusotec <nomail@nomail.not> - 2014-04-17 15:33 +0100
Re: TeaSafe: an experimental encrypted user-space filesystem bhj.research@gmail.com - 2014-04-23 02:08 -0700