From d29a4de26d0e3f31f467bcc9167b9758fad774f8 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 17 Sep 2017 11:57:16 +0200 Subject: Update both forward and reverse mode crypto docs They were written before HKDF was introduced. Improve graphics as well --- docs/forward_mode_crypto.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'docs/forward_mode_crypto.md') diff --git a/docs/forward_mode_crypto.md b/docs/forward_mode_crypto.md index e9b4f47..67cbaf6 100644 --- a/docs/forward_mode_crypto.md +++ b/docs/forward_mode_crypto.md @@ -38,12 +38,14 @@ File Contents All file contents are encrypted using AES-256-GCM (Galois/Counter Mode). -Files are segmented into 4KB blocks. Each block gets a fresh random +Files are segmented into 4KiB blocks. Each block gets a fresh random 128 bit IV each time it is modified. A 128-bit authentication tag (GHASH) protects each block from modifications. Each file has a header containing a random 128-bit file ID. The -file ID and the block number are mixed into the GHASH as +file ID and the block number are concatenated +(source code [ref](https://github.com/rfjakob/gocryptfs/blob/master/internal/contentenc/content.go#L124)) +and mixed into the GHASH as *additional authenticated data*. The prevents blocks from being copied between or within files. @@ -66,8 +68,8 @@ encryption. ![](img/file-name-encryption.svg) The Base64 encoding limits the usable filename length to 176 characters. -Filenames that are longer than that (longer than 255 characters in Base64- -encoded form) use long file name handling (since gocryptfs v0.9). +Filenames that are longer than that (longer than 255 characters in +Base64-encoded form) use long file name handling, introduced in gocryptfs v0.9. Long File Name Handling ----------------------- @@ -96,5 +98,5 @@ for filenames that are <= 176 characters, incurs no extra disk accesses for opening a file with a long name, and just one extra file read for each long-name file on readdir(1). -Because the hash is only taken from the encrypted file name, there is no -security penalty for using long names. +Because the hash is only taken from the encrypted file name that is public +anyway, there is no security penalty for using long names. -- cgit v1.2.3