From 9419e7ae85b3a7f9a721717f5676215b450d7c7b Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Tue, 8 Dec 2015 16:41:45 +0100 Subject: Update README + docs for v0.6 release --- Documentation/SECURITY.md | 11 +++++++---- Documentation/file-name-encryption.svg | 14 +++++++------- Documentation/performance.txt | 7 ++++--- README.md | 17 ++++++++++++++--- 4 files changed, 32 insertions(+), 17 deletions(-) diff --git a/Documentation/SECURITY.md b/Documentation/SECURITY.md index 003eadb..dff2fab 100644 --- a/Documentation/SECURITY.md +++ b/Documentation/SECURITY.md @@ -15,7 +15,7 @@ The KEK is generated from the user password using `scrypt`. File Contents ------------- -All file contents are encrypted using AES-256-GCM. +All file contents are encrypted using AES-256-GCM (Galois/Counter Mode). Files are segmented into 4KB blocks. Each block gets a fresh random 96 bit IV each time it is modified. A 128-bit authentication tag (GHASH) @@ -37,8 +37,11 @@ File Names Every directory gets a 128-bit directory IV that is stored in each directory as `gocryptfs.diriv`. -File names are encrypted using AES-256-CBC with the directory IV as -initialization vector. The Base64 encoding limits the usable filename length -to 176 characters. +File names are encrypted using AES-256-EME (ECB-Mix-ECB wide-block encryption, +see https://github.com/rfjakob/eme for details) with the directory IV +as initialization vector. EME fixes the prefix leak that occours with CBC +encryption. ![](https://rawgit.com/rfjakob/gocryptfs/master/Documentation/file-name-encryption.svg) + +The Base64 encoding limits the usable filename length to 176 characters. diff --git a/Documentation/file-name-encryption.svg b/Documentation/file-name-encryption.svg index 4093f24..45222e2 100644 --- a/Documentation/file-name-encryption.svg +++ b/Documentation/file-name-encryption.svg @@ -149,9 +149,9 @@ borderopacity="1.0" inkscape:pageopacity="0.0" inkscape:pageshadow="2" - inkscape:zoom="1.979899" - inkscape:cx="299.54034" - inkscape:cy="65.144047" + inkscape:zoom="2.8" + inkscape:cx="290.22759" + inkscape:cy="52.741737" inkscape:document-units="px" inkscape:current-layer="layer1" showgrid="true" @@ -186,7 +186,7 @@ image/svg+xml - + @@ -267,7 +267,7 @@ id="tspan4157-3-0-7-6-8" x="316.79153" y="309.39807" - style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.00342369px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px">AES-256-CBC + style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.00342369px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px">AES-256-EME IV /dev/null -RM: rm -rf linux-3.0 +LS: ls -lR linux-3.0 > /dev/null +RM: rm -Rf linux-3.0 VERSION UNTAR LS RM v0.4 48 1.5 5 v0.5-rc1 56 7 19 v0.5-rc1-1 54 4.1 9 -v0.5-rc1-2 45 1.7 3.4 +v0.5-rc1-2 45 1.7 3.4 +v0.6 47 1.8 4.3 diff --git a/README.md b/README.md index 4f48383..668da6b 100644 --- a/README.md +++ b/README.md @@ -6,10 +6,10 @@ gocryptfs is built on top the excellent [go-fuse](https://github.com/hanwen/go-fuse) FUSE library and its LoopbackFileSystem API. -This project was inspired by [EncFS](https://github.com/vgough/encfs) -and strives to fix its security issues (see EncFS tickets 9, 13, 14, 16). +This project was inspired by EncFS and strives to fix its security +issues while providing good performance. For details on the security of gocryptfs see the -[SECURITY.md](Documentation/SECURITY.md) document. +[SECURITY.md](Documentation/SECURITY.md) design document. Current Status -------------- @@ -97,6 +97,17 @@ The output should look like this: Changelog --------- +v0.6 +* **Wide-block filename encryption using EME + DirIV** + * EME (ECB-Mix-ECB) provides even better security than CBC as it fixes + the prefix leak. The used Go EME implementation is + https://github.com/rfjakob/eme which is, as far as I know, the first + implementation of EME in Go. + * This is a forwards-compatible change. gocryptfs v0.5 can mount filesystems + created by earlier version but not the other way round. +* New command-line option: + * `-emenames`: Enable EME filename encryption (default true) + v0.5 * **Stronger filename encryption: DirIV** * Each directory gets a random 128 bit file name IV on creation, -- cgit v1.2.3