On 02/23/2014 10:43 AM, Ben RUBSON wrote: >>>> Issues 2.2 and 2.3, as well as reference [2] could be solved by using >>>> >>> random bytes. >>>> >>> How can this feature be enabled ? >>> >> >>> >> Random bytes won't solve reference [2] because the same amount of random >>> >> bytes (proportionally) will be added to each file, so you can still >>> >> figure out the relative sizes of files in a directory, and the number of >>> >> files in a directory. >> > >> > You’re right. >> > I thought that random bytes were used as a padding for the last partial >> > data block. But no :) >> > >> > So, a solution could to use a block instead of a stream for the last >> > (partial) data block. >> > The last partial block could be padded with random bytes, zeros… >> > I don’t know wether number of blocks used in a file is stored in its EncFS >> > header or not, but if it is, it could be replaced by its size, so that the >> > end of the file data in the last block is known. >> > Stream mode would then not be used at all, which would solve issues 2.2 >> > and 2.3. >> > >> > It would also solve reference [2] as encoded files' size would not be the >> > real files’ size but a multiple of the block size. >> > By "chance" it could be the real files' size, but not necessarily. > > Taylor, do you think it could be a solution ?
Sorry for not replying. I forgot I had this list automatically going into a different folder! Something like that could be a solution, but I'm hesitant to recommend it because there's lots of ways it could go wrong, and it's not something cryptographers have analyzed very well. I'd rather stick to the well-tested standard, which is XTS mode. But... if XTS mode absolutely isn't an option, then something like that would be possible, but it would need a good amount of thought. It wouldn't solve the file size disclosure issue, since you could still know files' real size to an accuracy of 16 bytes. That's still accurate enough to do fingerprinting. A LOT more research is needed to figure out how file size obfuscation should work... I don't think it's something EncFS should try to solve, at least not until the other problems are fixed. It's hard: https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2018#comment:15 -- Taylor Hornby ------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk _______________________________________________ Encfs-users mailing list Encfs-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/encfs-users
