aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Documentation/SECURITY.md11
-rw-r--r--Documentation/file-name-encryption.svg14
-rw-r--r--Documentation/performance.txt7
-rw-r--r--README.md17
4 files changed, 32 insertions, 17 deletions
diff --git a/Documentation/SECURITY.md b/Documentation/SECURITY.md
index 003eadb..dff2fab 100644
--- a/Documentation/SECURITY.md
+++ b/Documentation/SECURITY.md
@@ -15,7 +15,7 @@ The KEK is generated from the user password using `scrypt`.
File Contents
-------------
-All file contents are encrypted using AES-256-GCM.
+All file contents are encrypted using AES-256-GCM (Galois/Counter Mode).
Files are segmented into 4KB blocks. Each block gets a fresh random
96 bit IV each time it is modified. A 128-bit authentication tag (GHASH)
@@ -37,8 +37,11 @@ File Names
Every directory gets a 128-bit directory IV that is stored in each
directory as `gocryptfs.diriv`.
-File names are encrypted using AES-256-CBC with the directory IV as
-initialization vector. The Base64 encoding limits the usable filename length
-to 176 characters.
+File names are encrypted using AES-256-EME (ECB-Mix-ECB wide-block encryption,
+see https://github.com/rfjakob/eme for details) with the directory IV
+as initialization vector. EME fixes the prefix leak that occours with CBC
+encryption.
![](https://rawgit.com/rfjakob/gocryptfs/master/Documentation/file-name-encryption.svg)
+
+The Base64 encoding limits the usable filename length to 176 characters.
diff --git a/Documentation/file-name-encryption.svg b/Documentation/file-name-encryption.svg
index 4093f24..45222e2 100644
--- a/Documentation/file-name-encryption.svg
+++ b/Documentation/file-name-encryption.svg
@@ -149,9 +149,9 @@
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
- inkscape:zoom="1.979899"
- inkscape:cx="299.54034"
- inkscape:cy="65.144047"
+ inkscape:zoom="2.8"
+ inkscape:cx="290.22759"
+ inkscape:cy="52.741737"
inkscape:document-units="px"
inkscape:current-layer="layer1"
showgrid="true"
@@ -186,7 +186,7 @@
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
- <dc:title></dc:title>
+ <dc:title />
</cc:Work>
</rdf:RDF>
</metadata>
@@ -267,7 +267,7 @@
id="tspan4157-3-0-7-6-8"
x="316.79153"
y="309.39807"
- style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.00342369px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px">AES-256-CBC</tspan></text>
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.00342369px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px">AES-256-EME</tspan></text>
<path
style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker-end:url(#marker8559)"
d="m 558.97059,270.16733 -169.78791,0.0896 0,17.75633"
@@ -359,14 +359,14 @@
<text
xml:space="preserve"
style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:90.01774597px;line-height:125%;font-family:Arial;-inkscape-font-specification:'Arial Bold';letter-spacing:67.66333771px;word-spacing:0px;fill:#aa00d4;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
- x="462.66055"
+ x="456.66174"
y="266.66168"
id="text4155-88-3-5-0"
sodipodi:linespacing="125%"
transform="scale(1.0001971,0.99980293)"><tspan
sodipodi:role="line"
id="tspan4157-9-7-3-8"
- x="462.66055"
+ x="456.66174"
y="266.66168"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.00295734px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px;fill:#aa00d4">IV</tspan></text>
<rect
diff --git a/Documentation/performance.txt b/Documentation/performance.txt
index 2194311..c0bd2d0 100644
--- a/Documentation/performance.txt
+++ b/Documentation/performance.txt
@@ -2,11 +2,12 @@ All test performed on tmpfs, /tmp/a mounted on /tmp/b.
The used test archive is https://www.kernel.org/pub/linux/kernel/v3.0/linux-3.0.tar.gz .
UNTAR: tar xfz ../linux-3.0.tar.gz
-LS: ls -lR > /dev/null
-RM: rm -rf linux-3.0
+LS: ls -lR linux-3.0 > /dev/null
+RM: rm -Rf linux-3.0
VERSION UNTAR LS RM
v0.4 48 1.5 5
v0.5-rc1 56 7 19
v0.5-rc1-1 54 4.1 9
-v0.5-rc1-2 45 1.7 3.4
+v0.5-rc1-2 45 1.7 3.4
+v0.6 47 1.8 4.3
diff --git a/README.md b/README.md
index 4f48383..668da6b 100644
--- a/README.md
+++ b/README.md
@@ -6,10 +6,10 @@ gocryptfs is built on top the excellent
[go-fuse](https://github.com/hanwen/go-fuse) FUSE library and its
LoopbackFileSystem API.
-This project was inspired by [EncFS](https://github.com/vgough/encfs)
-and strives to fix its security issues (see EncFS tickets 9, 13, 14, 16).
+This project was inspired by EncFS and strives to fix its security
+issues while providing good performance.
For details on the security of gocryptfs see the
-[SECURITY.md](Documentation/SECURITY.md) document.
+[SECURITY.md](Documentation/SECURITY.md) design document.
Current Status
--------------
@@ -97,6 +97,17 @@ The output should look like this:
Changelog
---------
+v0.6
+* **Wide-block filename encryption using EME + DirIV**
+ * EME (ECB-Mix-ECB) provides even better security than CBC as it fixes
+ the prefix leak. The used Go EME implementation is
+ https://github.com/rfjakob/eme which is, as far as I know, the first
+ implementation of EME in Go.
+ * This is a forwards-compatible change. gocryptfs v0.5 can mount filesystems
+ created by earlier version but not the other way round.
+* New command-line option:
+ * `-emenames`: Enable EME filename encryption (default true)
+
v0.5
* **Stronger filename encryption: DirIV**
* Each directory gets a random 128 bit file name IV on creation,