Age | Commit message | Author |
|
|
|
Add an option to specify user verification options for `fido2-assert -t`
Options will be saved to config file
Provide same functionality to #705 with simpler implementation
Resolve #702
|
|
with -masterkey
Fixes: https://github.com/rfjakob/gocryptfs/issues/841
|
|
Removed repeated "conflicts"
|
|
|
|
Calculated acc. to https://words.filippo.io/the-scrypt-parameters/ ,
and add benchmarks to double-check the numbers. They match.
|
|
added which package on linux is needed to use fido2 stick
|
|
|
|
Closes https://github.com/rfjakob/gocryptfs/issues/646
|
|
Looks like https://github.com/rfjakob/gocryptfs/commit/86d8336b43418c028c34c37f06fcbd43ab0d44a1
forgot to add the option to the manpage.
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/617
|
|
|
|
Closes https://github.com/rfjakob/gocryptfs/issues/621
|
|
Quoting fusefrontend_reverse/node_helpers.go :
    // File names are padded to 16-byte multiples, encrypted and
    // base64-encoded. We can encode at most 176 bytes to stay below the 255
    // bytes limit:
    // * base64(176 bytes) = 235 bytes
    // * base64(192 bytes) = 256 bytes (over 255!)
    // But the PKCS#7 padding is at least one byte. This means we can only use
    // 175 bytes for the file name.
Noticed by @bailey27 at https://github.com/rfjakob/gocryptfs/issues/499#issuecomment-955790427
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/499
|
|
|
|
The rewritten openssl backend does not support this flag anymore,
and it was inherently dangerous. Drop it (ignored for compatibility)
|
|
|
|
|
|
|
|
Different nonce size.
|
|
Commit f3c777d5eaa682d878c638192311e52f9c204294 added the `-devrandom` option:

    commit f3c777d5eaa682d878c638192311e52f9c204294
    Author: @slackner
    Date: Sun Nov 19 13:30:04 2017 +0100

        main: Add '-devrandom' commandline option

        Allows to use /dev/random for generating the master key instead of the
        default Go implementation. When the kernel random generator has been
        properly initialized both are considered equally secure, however:

        * Versions of Go prior to 1.9 just fall back to /dev/urandom if the
          getrandom() syscall would be blocking (Go Bug #19274)
        * Kernel versions prior to 3.17 do not support getrandom(), and there
          is no check if the random generator has been properly initialized
          before reading from /dev/urandom

        This is especially useful for embedded hardware with low-entropy. Please
        note that generation of the master key might block indefinitely if the
        kernel cannot harvest enough entropy.

We now require Go v1.13 and Kernel versions should have also moved on.
Make the flag a no-op.
https://github.com/rfjakob/gocryptfs/issues/596
|
|
|
|
It was in INIT OPTIONS by mistake.
|
|
And store it in gocryptfs.conf (=remove DirIV feature flag).
|
|
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/588
|
|
https://github.com/rfjakob/gocryptfs/issues/588
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/475
|
|
|
|
|
|
|
|
|
|
Also, add v2.0-beta2-16-geaca820. I bisected the ls performance
regression to this commit.
|
|
Makes linking to them easier.
|
|
When a process has its working dir inside the mount,
the only way we notice is that we get EBUSY when trying
to unmount.
We used to lazy-unmount in this case, but this means
pulling the rug from under the process.
For example, bash will start throwing

    cd: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory

messages.
Fixes https://github.com/rfjakob/gocryptfs/issues/533
|
|
This option is similar to fuse(8) kernel_cache
Verified using vmtouch.
Without -kernel_cache:

    $ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo
    10+0 records in
    10+0 records out
    10485760 bytes (10 MB, 10 MiB) copied, 0,0242321 s, 433 MB/s
    Files: 1
    Directories: 0
    Touched Pages: 2560 (10M)
    Elapsed: 0.011159 seconds
    Files: 1
    Directories: 0
    Resident Pages: 0/2560 0/10M 0%
    Elapsed: 0.000993 seconds

With -kernel_cache:

    $ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo
    10+0 records in
    10+0 records out
    10485760 bytes (10 MB, 10 MiB) copied, 0,0244015 s, 430 MB/s
    Files: 1
    Directories: 0
    Touched Pages: 2560 (10M)
    Elapsed: 0.011564 seconds
    Files: 1
    Directories: 0
    Resident Pages: 2560/2560 10M/10M 100%
    Elapsed: 0.000369 seconds
|
|
https://github.com/rfjakob/gocryptfs/issues/497
|
|
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/517
|
|
The flag -fg does NOT imply -nosyslog. Syslog redirection is
active when -notifypid is passed.
|
|
|
|
Unless we are mounted with -suid, we can reject
these requests, and gain back some lost speed.
Closes https://github.com/rfjakob/gocryptfs/issues/515
|
|
|
|
As expected, we are slow. Fd caching will be implemented later.
|
|
|
|
|
|
Each file will be read and then concatenated
for the effective password. This can be used as a
kind of multi-factor authentication.
Fixes https://github.com/rfjakob/gocryptfs/issues/288
|
|
|
|
Bisecting shows that the performance drop is caused by
this commit:
    commit ca9e912a28b901387e1dbb85f6c531119f2d5ef2 (refs/bisect/bad)
    Author: Jakob Unterwurzacher <jakobunt@gmail.com>
    Date: Sat Feb 29 19:58:08 2020 +0100

        fusefrontend: drop xattr user namespace restriction
|