Hi Matei,
have you taken a look at this?
https://github.com/vgough/encfs/blob/master/encfs/FileUtils.cpp#L847
On Nov 21, 2014 6:22 PM, "Matei David" <ma...@cs.toronto.edu> wrote:

> On Thu, 20 Nov 2014 17:47:59 -0800
> "Mark R. Pariente"
> <markparie...@gmail.com> wrote:
>
> > On Thu, Nov 20, 2014 at 5:28 PM, Matei David
> > <ma...@cs.toronto.edu> wrote:
> > > Hi,
> > >
> > > I'm interested in keeping two encfs folders in sync. One option is
> > > to run rsync/unison between the plaintext folders. I would like to
> > > have the additional option of performing sync on the ciphertexts.
> > >
> > > From the tests that I ran, it seems to me that this is only
> > > possible if
> > > uniqueIV is set to 0 in the configuration file. Whenever this is
> > > set to 1, the ciphertexts of two identical plaintext folders seem
> > > to be different. To clarify, my tests consisted of running this
> > > script while tweaking various parameters inside encfs6.xml.
> > >
> > > #!/bin/bash -x
> > > cat encfs6.xml
> > > rm -rf /tmp/.docs-{1,2} /tmp/docs-{1,2}
> > > mkdir -p /tmp/.docs-{1,2} /tmp/docs-{1,2}
> > > echo password |
> > > ENCFS6_CONFIG=encfs6.xml encfs -S /tmp/.docs-1 /tmp/docs-1
> > > echo password |
> > > ENCFS6_CONFIG=encfs6.xml encfs -S /tmp/.docs-2 /tmp/docs-2
> > > echo "hello" >/tmp/docs-1/a-file
> > > rsync -a /tmp/docs-1/ /tmp/docs-2/
> > > md5sum /tmp/.docs-[12]/*
> > > fusermount -u /tmp/docs-1
> > > fusermount -u /tmp/docs-2
> > >
> > > My question is, are there security considerations why I would want
> > > to keep uniqueIV set to 1? I checked the manual and the guide here
> > > http://www.ict.griffith.edu.au/anthony/info/crypto/encfs.hints
> > > Neither mentions unique IVs or what they are good for.
> >
> > UniqueIV generates a random IV value for each file - that is why you
> > are seeing the same plaintext/path resulting in different ciphertext
> > when copied.
> >
> > The reasoning for uniqueIV is to prevent statistical attacks -
> > without it the same plaintext results in the same ciphertext so an
> > observer can tell how many copies of a file you have, and this is
> > considered information leakage.
>
> Thanks for the prompt reply.
>
> From the description in the manual, I would have thought that
> externalIVChaining would prevent such an attack: I thought 2 identical
> plaintext files would encrypt in different ways depending on their
> names (or paths, with chainedNameIV). But my understanding is wrong,
> right? I think I'm mixing up 2 things that are being encrypted: file
> names, and file contents.
>
> Can you explain what externalIVChaining does exactly? I tried to
> figure it out but I don't see any effect. Here's what I tried:
>
> - for every triple of IV-related options:
>   (uniqueIV, chainedNameIV, externalIVChaining)
> - create 2 identical plaintext files (file-a, file-b)
> - copy them to a directory (dir/file-a dir/file-b)
> - so in total, there are 4 identical files, with 2 different base names
> - sync the plaintexts between 2 mounts
> - count:
>   - unique file names in ciphertext of 1 mount
>   - unique file names in ciphertext of both mounts
>   - unique checksums in ciphertext of 1 mount
>   - unique checksums in ciphertext of both mounts
>
> I'm attaching the script. The results I see are:
> 000 2 2 1 1
> 001 2 2 1 1
> 010 4 4 1 1
> 011 4 4 1 1
> 100 2 2 4 8
> 101 2 2 4 8
> 110 4 4 4 8
> 111 4 4 4 8
>
> Based on this, I infer that:
> - uniqueIV affects only file content encryption, not file names
> - chainedNameIV affects only file name encryption, not file contents
>
> What I don't understand is the effect of externalIVChaining. I don't
> see anything changing when it is enabled.
>
> Thanks,
> M
>
>
> _______________________________________________
> Encfs-users mailing list
> Encfs-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/encfs-users
>
>
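The uniqueIV behaviour discussed in this thread, as an added example that is not part of the original messages and is not EncFS code: a toy model that reproduces the content-checksum counts reported above (1/1 without per-file IVs, 4/8 with them). It assumes an HMAC-SHA256 keystream as a stand-in cipher, an 8-byte IV header, and a constructed key; all function names are hypothetical.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key"  # constructed; both mounts share one password/config
NAMES = ["file-a", "file-b", "dir/file-a", "dir/file-b"]  # layout from the thread's test
PLAINTEXT = b"hello\n"

def keystream(key, iv, length):
    """HMAC-SHA256 in counter mode: a stand-in stream cipher, not EncFS's cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt_file(key, plaintext, unique_iv):
    """unique_iv=True: fresh random IV stored as a header (header size is an assumption).
    unique_iv=False: every file is encrypted under the same all-zero IV."""
    iv = os.urandom(8) if unique_iv else bytes(8)
    body = bytes(p ^ k for p, k in zip(plaintext, keystream(key, iv, len(plaintext))))
    return (iv + body) if unique_iv else body

def decrypt_file(key, blob, unique_iv):
    """Inverse of encrypt_file: read the IV header if present, then XOR the keystream."""
    iv, body = (blob[:8], blob[8:]) if unique_iv else (bytes(8), blob)
    return bytes(c ^ k for c, k in zip(body, keystream(key, iv, len(body))))

def unique_checksums(unique_iv, mounts=2):
    """Return (unique checksums in one mount, unique checksums across all mounts)."""
    stores = [{n: encrypt_file(KEY, PLAINTEXT, unique_iv) for n in NAMES}
              for _ in range(mounts)]
    digest = lambda blob: hashlib.sha256(blob).hexdigest()
    one = {digest(c) for c in stores[0].values()}
    both = {digest(c) for store in stores for c in store.values()}
    return len(one), len(both)

if __name__ == "__main__":
    for flag in (False, True):
        print("uniqueIV =", int(flag), "->", unique_checksums(flag))
```

With the shared IV, a ciphertext-level sync tool sees the copies as identical, and so does anyone who can read the ciphertext directory; with per-file IVs neither can match them.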