On Thu, Sep 20, 2007 at 03:06:54PM -0400, Matt Anderson wrote:
> Encrypted filenames are listed in the project plan, and in the FAQ
> there is an example given and a hint that the planned solution at
> this point is to have a single key per directory for encrypting the
> filenames. I wonder if anyone could explain in more detail what
> problem encrypted filenames are intended to solve? I'm concerned
> that this solution is overly complex when you could use DAC or
> SELinux permissions to control access to a directory and then just
> hide any secret filenames below that barrier.

eCryptfs was not designed to provide access control in a trusted host environment. The whole point of using eCryptfs is to provide data confidentiality in the event that the storage device itself is compromised. DAC and MAC mean nothing once the attacker has direct access to your device. Encrypted filenames are meant to address the problem of "secret_plans_for_acme_and_foobar_corp_merger_fall_2007.odp" in the USB keychain drive that you accidentally left on the subway.

Mike

_______________________________________________
eCryptfs-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ecryptfs-users
