author | Jakob Unterwurzacher | 2015-12-08 16:41:45 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2015-12-08 16:41:45 +0100 |
commit | 9419e7ae85b3a7f9a721717f5676215b450d7c7b (patch) | |
tree | 9d2957264791ee39e156cc20d86adfc1237ac57f /Documentation/SECURITY.md | |
parent | e3f35d38b599801312e982c19b191aa5dd76f94d (diff) |
Update README + docs for v0.6 release
v0.6
Diffstat (limited to 'Documentation/SECURITY.md')
-rw-r--r-- | Documentation/SECURITY.md | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/Documentation/SECURITY.md b/Documentation/SECURITY.md index 003eadb..dff2fab 100644 --- a/Documentation/SECURITY.md +++ b/Documentation/SECURITY.md @@ -15,7 +15,7 @@ The KEK is generated from the user password using `scrypt`. File Contents ------------- -All file contents are encrypted using AES-256-GCM. +All file contents are encrypted using AES-256-GCM (Galois/Counter Mode). Files are segmented into 4KB blocks. Each block gets a fresh random 96 bit IV each time it is modified. A 128-bit authentication tag (GHASH) @@ -37,8 +37,11 @@ File Names Every directory gets a 128-bit directory IV that is stored in each directory as `gocryptfs.diriv`. -File names are encrypted using AES-256-CBC with the directory IV as -initialization vector. The Base64 encoding limits the usable filename length -to 176 characters. +File names are encrypted using AES-256-EME (ECB-Mix-ECB wide-block encryption, +see https://github.com/rfjakob/eme for details) with the directory IV +as initialization vector. EME fixes the prefix leak that occours with CBC +encryption. ![](https://rawgit.com/rfjakob/gocryptfs/master/Documentation/file-name-encryption.svg) + +The Base64 encoding limits the usable filename length to 176 characters. |
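Review bot: In the first hunk (@@ -15,7 +15,7 @@, File Contents), the context lines right below the edited sentence write "4KB" and "96 bit IV" while the same paragraph uses "128-bit", so the units are inconsistent in the paragraph this change touches. Since the line is being reworded anyway, consider normalising to "4 KiB blocks" and "96-bit IV". The trailing context also labels the authentication tag as "(GHASH)"; GHASH is the hash GCM uses internally to compute the tag, not the tag itself, so "128-bit GCM authentication tag" would be more precise now that the mode name is spelled out.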
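Review bot: In the second hunk (@@ -37,8 +37,11 @@, File Names), the added sentence "EME fixes the prefix leak that occours with CBC encryption." names the leak without saying what it is, and "occours" should be "occurs". For a security document, one more sentence would help: with CBC and a fixed per-directory IV, two names in the same directory that share their leading 16-byte block(s) encrypt to the same leading ciphertext block(s), so shared prefixes are visible. Separately, the added image is hot-linked from rawgit.com on the master branch; because the URL path shows the SVG living in the same Documentation/ directory, a relative link (file-name-encryption.svg) would keep the diagram in step with the tagged release and avoid depending on a third-party host.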