In message <[EMAIL PROTECTED]>, Steve writes:
> On Thu, Aug 26, 1999 at 06:55:20PM +0100, Antonomasia wrote:
> > I have tested that samba and cfs under linux will work together,
> > i.e. you serve plaintext across the net and it's magnetic home is
> > as cyphertext where CFS directories have been made. It's the cyphertext
> > that you get backed up on tape.
>
> Have you tried restoring from backup to make sure that it works?
>
> I'm under the impression that CFS uses inode numbers to compute an
> IV. If you restore the ciphertext from backups the inode numbers will
> probably be different and the files will not decrypt properly.
>
> Try this: copy a CFS ciphertext file from one ciphertext directory to
> another. Then attempt to read the plaintext of the new file. The
> filename and length are correct but the contents are corrupt. If you
> use ln instead of cp the file will read correctly, because the inode
> number is still the same.
According to the notes.ms file file, the IV derived in part from the i-node is
stored in a separate file, precisely because of that problem.
--Steve Bellovin
