diff options
author | Jakob Unterwurzacher | 2015-11-29 22:36:25 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2015-11-29 22:36:25 +0100 |
commit | cbb18380bee538f3b1f26e3588857bcdf8a1b964 (patch) | |
tree | 1a6ac3a5ea5146ad29a6a7890b81da3fea2d5a7c /README.md | |
parent | ce42a6f23d9fd50ddf2e66a68e6ec57cad80c018 (diff) |
Update README and SECURITY documents
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 18 |
1 files changed, 17 insertions, 1 deletions
@@ -100,6 +100,22 @@ The output should look like this: Changelog --------- +v0.5 (in progress) +* **Stronger filename encryption: DirIV** + * Each directory gets a random 128 bit file name IV on creation, + stored in `gocryptfs.diriv` + * This makes it impossible to identify identically-named files across + directories + * A single-entry IV cache brings the performance cost of DirIV close to + zero for common operations (see performance.txt) + * This is a forwards-compatible change. gocryptfs v0.5 can mount filesystems + created by earlier version but not the other way round. +* New command-line option: + * `-diriv`: Use the new per-directory IV file name encryption (default true) + * `-scryptn`: allows to set the scrypt cost parameter N. This option + can be used for faster mounting at the cost of lower brute-force + resistance. It was mainly added to speed up the automated tests. + v0.4 * New command-line options: * `-plaintextnames`: disables filename encryption, added on user request @@ -112,7 +128,7 @@ v0.4 * On-disk format 2 v0.3 -* Add file header that contains a random id to authenticate blocks +* **Add a random 128 bit file header to authenticate file->block ownership** * This is an on-disk-format change * On-disk format 1 |