diff options
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 190 |
1 files changed, 95 insertions, 95 deletions
@@ -140,16 +140,16 @@ Changelog v1.3-beta1 * **Use HKDF to derive separate keys for GCM and EME** - * New feature flag: `HKDF` (enabled by default) - * This is a forwards-compatible change. gocryptfs v1.3 can mount + * New feature flag: `HKDF` (enabled by default) + * This is a forwards-compatible change. gocryptfs v1.3 can mount filesystems created by earlier versions but not the other way round. * Enable Raw64 filename encoding by default (gets rid of trailing `==` characters) * Drop Go 1.4 compatibility. You now need Go 1.5 (released 2015-08-19) or higher to build gocryptfs. * Add `-serialize_reads` command-line option - * This can greatly improve performance on storage - that is very slow for concurrent out-of-order reads. Example: - Amazon Cloud Drive ([#92](https://github.com/rfjakob/gocryptfs/issues/92) + * This can greatly improve performance on storage + that is very slow for concurrent out-of-order reads. Example: + Amazon Cloud Drive ([#92](https://github.com/rfjakob/gocryptfs/issues/92) v1.2.1, 2017-02-26 * Add an integrated speed test, `gocryptfs -speed` @@ -161,7 +161,7 @@ v1.2.1, 2017-02-26 v1.2, 2016-12-04 * Add a control socket interface. Allows to encrypt and decrypt filenames. For details see [backintime#644](https://github.com/bit-team/backintime/issues/644#issuecomment-259835183). - * New command-line option: `-ctlsock` + * New command-line option: `-ctlsock` * Under certain circumstances, concurrent truncate and read could return an I/O error. This is fixed by introducing a global open file table that stores the file IDs @@ -170,10 +170,10 @@ v1.2, 2016-12-04 the write FUSE call ([commit with benchmarks](https://github.com/rfjakob/gocryptfs/commit/024511d9c71558be4b1169d6bb43bd18d65539e0)) * Add `-noprealloc` command-line option - * Greatly speeds up writes on Btrfs - ([#63](https://github.com/rfjakob/gocryptfs/issues/63)) - at the cost of reduced out-of-space robustness. - * This is a workaround for Btrfs' slow fallocate(2) + * Greatly speeds up writes on Btrfs + ([#63](https://github.com/rfjakob/gocryptfs/issues/63)) + at the cost of reduced out-of-space robustness. + * This is a workaround for Btrfs' slow fallocate(2) * Preserve owner for symlinks an device files (fixes bug [#64](https://github.com/rfjakob/gocryptfs/issues/64)) * Include rendered man page `gocryptfs.1` in the release tarball @@ -186,22 +186,22 @@ v1.1.1, 2016-10-30 v1.1, 2016-10-19 * **Add reverse mode ([#19](https://github.com/rfjakob/gocryptfs/issues/19))** - * AES-SIV (RFC5297) encryption to implement deterministic encryption - securely. Uses the excellent - [jacobsa/crypto](https://github.com/jacobsa/crypto) library. - The corresponding feature flag is called `AESSIV`. - * New command-line options: `-reverse`, `-aessiv` - * Filesystems using reverse mode can only be mounted with gocryptfs v1.1 - and later. - * The default, forward mode, stays fully compatible with older versions. - Forward mode will keep using GCM because it is much faster. + * AES-SIV (RFC5297) encryption to implement deterministic encryption + securely. Uses the excellent + [jacobsa/crypto](https://github.com/jacobsa/crypto) library. + The corresponding feature flag is called `AESSIV`. + * New command-line options: `-reverse`, `-aessiv` + * Filesystems using reverse mode can only be mounted with gocryptfs v1.1 + and later. + * The default, forward mode, stays fully compatible with older versions. + Forward mode will keep using GCM because it is much faster. * Accept `-o foo,bar,baz`-style options that are passed at the end of the command-line, like mount(1) does. All other options must still precede the passed paths. - * This allows **mounting from /etc/fstab**. See - [#45](https://github.com/rfjakob/gocryptfs/issues/45) for details. - * **Mounting on login using pam_mount** works as well. It is - [described in the wiki](https://github.com/rfjakob/gocryptfs/wiki/Mounting-on-login-using-pam_mount). + * This allows **mounting from /etc/fstab**. See + [#45](https://github.com/rfjakob/gocryptfs/issues/45) for details. + * **Mounting on login using pam_mount** works as well. It is + [described in the wiki](https://github.com/rfjakob/gocryptfs/wiki/Mounting-on-login-using-pam_mount). * To prevent confusion, the old `-o` option had to be renamed. It is now called `-ko`. Arguments to `-ko` are passed directly to the kernel. * New `-passfile` command-line option. Provides an easier way to read @@ -212,84 +212,84 @@ v1.1, 2016-10-19 v1.0, 2016-07-17 * Deprecate very old filesystems, stage 3/3 - * Filesystems created by v0.6 can no longer be mounted - * Drop command-line options `-gcmiv128`, `-emenames`, `-diriv`. These - are now always enabled. + * Filesystems created by v0.6 can no longer be mounted + * Drop command-line options `-gcmiv128`, `-emenames`, `-diriv`. These + are now always enabled. * Add fallocate(2) support * New command-line option `-o` - * Allows to pass mount options directly to the kernel + * Allows to pass mount options directly to the kernel * Add support for device files and suid binaries - * Only works when running as root - * Must be explicitely enabled by passing "-o dev" or "-o suid" or "-o suid,dev" + * Only works when running as root + * Must be explicitely enabled by passing "-o dev" or "-o suid" or "-o suid,dev" * Experimental Mac OS X support. See [ticket #15](https://github.com/rfjakob/gocryptfs/issues/15) for details. v0.12, 2016-06-19 * Deprecate very old filesystems, stage 2/3 - * Filesystems created by v0.6 and older can only be mounted read-only - * A [message](https://github.com/rfjakob/gocryptfs/blob/v0.12/internal/configfile/config_file.go#L120) - explaining the situation is printed as well + * Filesystems created by v0.6 and older can only be mounted read-only + * A [message](https://github.com/rfjakob/gocryptfs/blob/v0.12/internal/configfile/config_file.go#L120) + explaining the situation is printed as well * New command line option: `-ro` - * Mounts the filesystem read-only + * Mounts the filesystem read-only * Accept password from stdin as well ([ticket #30](https://github.com/rfjakob/gocryptfs/issues/30)) v0.11, 2016-06-10 * Deprecate very old filesystems, stage 1/3 - * Filesystems created by v0.6 and older can still be mounted but a - [warning](https://github.com/rfjakob/gocryptfs/blob/v0.11/internal/configfile/config_file.go#L120) - is printed - * See [ticket #29](https://github.com/rfjakob/gocryptfs/issues/29) for details and - join the discussion + * Filesystems created by v0.6 and older can still be mounted but a + [warning](https://github.com/rfjakob/gocryptfs/blob/v0.11/internal/configfile/config_file.go#L120) + is printed + * See [ticket #29](https://github.com/rfjakob/gocryptfs/issues/29) for details and + join the discussion * Add rsync stress test "pingpong-rsync.bash" - * Fix chown and utimens failures that caused rsync to complain + * Fix chown and utimens failures that caused rsync to complain * Build release binaries with Go 1.6.2 - * Big speedup for CPUs with AES-NI, see [ticket #23](https://github.com/rfjakob/gocryptfs/issues/23) + * Big speedup for CPUs with AES-NI, see [ticket #23](https://github.com/rfjakob/gocryptfs/issues/23) v0.10, 2016-05-30 * **Replace `spacemonkeygo/openssl` with `stupidgcm`** - * gocryptfs now has its own thin wrapper to OpenSSL's GCM implementation - called `stupidgcm`. - * This should fix the [compile issues](https://github.com/rfjakob/gocryptfs/issues/21) - people are seeing with `spacemonkeygo/openssl`. It also gets us - a 20% performance boost for streaming writes. + * gocryptfs now has its own thin wrapper to OpenSSL's GCM implementation + called `stupidgcm`. + * This should fix the [compile issues](https://github.com/rfjakob/gocryptfs/issues/21) + people are seeing with `spacemonkeygo/openssl`. It also gets us + a 20% performance boost for streaming writes. * **Automatically choose between OpenSSL and Go crypto** [issue #23](https://github.com/rfjakob/gocryptfs/issues/23) - * Go 1.6 added an optimized GCM implementation in amd64 assembly that uses AES-NI. - This is faster than OpenSSL and is used if available. In all other - cases OpenSSL is much faster and is used instead. - * `-openssl=auto` is the new default - * Passing `-openssl=true/false` overrides the autodetection. + * Go 1.6 added an optimized GCM implementation in amd64 assembly that uses AES-NI. + This is faster than OpenSSL and is used if available. In all other + cases OpenSSL is much faster and is used instead. + * `-openssl=auto` is the new default + * Passing `-openssl=true/false` overrides the autodetection. * Warn but continue anyway if fallocate(2) is not supported by the underlying filesystem, see [issue #22](https://github.com/rfjakob/gocryptfs/issues/22) - * Enables to use gocryptfs on ZFS and ext3, albeit with reduced out-of-space safety. + * Enables to use gocryptfs on ZFS and ext3, albeit with reduced out-of-space safety. * [Fix statfs](https://github.com/rfjakob/gocryptfs/pull/27), by @lxp * Fix a fsstress [failure](https://github.com/hanwen/go-fuse/issues/106) in the go-fuse library. v0.9, 2016-04-10 * **Long file name support** - * gocryptfs now supports file names up to 255 characters. - * This is a forwards-compatible change. gocryptfs v0.9 can mount filesystems + * gocryptfs now supports file names up to 255 characters. + * This is a forwards-compatible change. gocryptfs v0.9 can mount filesystems created by earlier versions but not the other way round. * Refactor gocryptfs into multiple "internal" packages * New command-line options: - * `-longnames`: Enable long file name support (default true) - * `-nosyslog`: Print messages to stdout and stderr instead of syslog (default false) - * `-wpanic`: Make warning messages fatal (used for testing) - * `-d`: Alias for `-debug` - * `-q`: Alias for `-quiet` + * `-longnames`: Enable long file name support (default true) + * `-nosyslog`: Print messages to stdout and stderr instead of syslog (default false) + * `-wpanic`: Make warning messages fatal (used for testing) + * `-d`: Alias for `-debug` + * `-q`: Alias for `-quiet` v0.8, 2016-01-23 * Redirect output to syslog when running in the background * New command-line option: - * `-memprofile`: Write a memory allocation debugging profile the specified - file + * `-memprofile`: Write a memory allocation debugging profile the specified + file v0.7.2, 2016-01-19 * **Fix performance issue in small file creation** - * This brings performance on-par with EncFS paranoia mode, with streaming writes - significantly faster - * The actual [fix](https://github.com/hanwen/go-fuse/commit/c4b6b7949716d13eec856baffc7b7941ae21778c) - is in the go-fuse library. There are no code changes in gocryptfs. + * This brings performance on-par with EncFS paranoia mode, with streaming writes + significantly faster + * The actual [fix](https://github.com/hanwen/go-fuse/commit/c4b6b7949716d13eec856baffc7b7941ae21778c) + is in the go-fuse library. There are no code changes in gocryptfs. v0.7.1, 2016-01-09 * Make the `build.bash` script compatible with Go 1.3 @@ -298,23 +298,23 @@ v0.7.1, 2016-01-09 v0.7, 2015-12-20 * **Extend GCM IV size to 128 bit from Go's default of 96 bit** - * This pushes back the birthday bound to make IV collisions virtually - impossible - * This is a forwards-compatible change. gocryptfs v0.7 can mount filesystems - created by earlier versions but not the other way round. + * This pushes back the birthday bound to make IV collisions virtually + impossible + * This is a forwards-compatible change. gocryptfs v0.7 can mount filesystems + created by earlier versions but not the other way round. * New command-line option: - * `-gcmiv128`: Use 128-bit GCM IVs (default true) + * `-gcmiv128`: Use 128-bit GCM IVs (default true) v0.6, 2015-12-08 * **Wide-block filename encryption using EME + DirIV** - * EME (ECB-Mix-ECB) provides even better security than CBC as it fixes - the prefix leak. The used Go EME implementation is - https://github.com/rfjakob/eme which is, as far as I know, the first - implementation of EME in Go. - * This is a forwards-compatible change. gocryptfs v0.6 can mount filesystems - created by earlier versions but not the other way round. + * EME (ECB-Mix-ECB) provides even better security than CBC as it fixes + the prefix leak. The used Go EME implementation is + https://github.com/rfjakob/eme which is, as far as I know, the first + implementation of EME in Go. + * This is a forwards-compatible change. gocryptfs v0.6 can mount filesystems + created by earlier versions but not the other way round. * New command-line option: - * `-emenames`: Enable EME filename encryption (default true) + * `-emenames`: Enable EME filename encryption (default true) v0.5.1, 2015-12-06 * Fix a rename regression caused by DirIV and add test case @@ -322,34 +322,34 @@ v0.5.1, 2015-12-06 v0.5, 2015-12-04 * **Stronger filename encryption: DirIV** - * Each directory gets a random 128 bit file name IV on creation, - stored in `gocryptfs.diriv` - * This makes it impossible to identify identically-named files across - directories - * A single-entry IV cache brings the performance cost of DirIV close to - zero for common operations (see performance.txt) - * This is a forwards-compatible change. gocryptfs v0.5 can mount filesystems - created by earlier versions but not the other way round. + * Each directory gets a random 128 bit file name IV on creation, + stored in `gocryptfs.diriv` + * This makes it impossible to identify identically-named files across + directories + * A single-entry IV cache brings the performance cost of DirIV close to + zero for common operations (see performance.txt) + * This is a forwards-compatible change. gocryptfs v0.5 can mount filesystems + created by earlier versions but not the other way round. * New command-line option: - * `-diriv`: Use the new per-directory IV file name encryption (default true) - * `-scryptn`: allows to set the scrypt cost parameter N. This option - can be used for faster mounting at the cost of lower brute-force - resistance. It was mainly added to speed up the automated tests. + * `-diriv`: Use the new per-directory IV file name encryption (default true) + * `-scryptn`: allows to set the scrypt cost parameter N. This option + can be used for faster mounting at the cost of lower brute-force + resistance. It was mainly added to speed up the automated tests. v0.4, 2015-11-15 * New command-line options: - * `-plaintextnames`: disables filename encryption, added on user request - * `-extpass`: calls an external program for prompting for the password - * `-config`: allows to specify a custom gocryptfs.conf path + * `-plaintextnames`: disables filename encryption, added on user request + * `-extpass`: calls an external program for prompting for the password + * `-config`: allows to specify a custom gocryptfs.conf path * Add `FeatureFlags` gocryptfs.conf paramter - * This is a config format change, hence the on-disk format is incremented - * Used for ext4-style filesystem feature flags. This should help avoid future - format changes. The first user is `-plaintextnames`. + * This is a config format change, hence the on-disk format is incremented + * Used for ext4-style filesystem feature flags. This should help avoid future + format changes. The first user is `-plaintextnames`. * On-disk format 2 v0.3, 2015-11-01 * **Add a random 128 bit file header to authenticate file->block ownership** - * This is an on-disk-format change + * This is an on-disk-format change * On-disk format 1 v0.2, 2015-10-11 |