From cbb18380bee538f3b1f26e3588857bcdf8a1b964 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 29 Nov 2015 22:36:25 +0100
Subject: Update README and SECURITY documents

---
 README.md   | 18 +++++++++++++++++-
 SECURITY.md | 13 ++++++-------
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index f7acabf..fa83629 100644
--- a/README.md
+++ b/README.md
@@ -100,6 +100,22 @@ The output should look like this:
 Changelog
 ---------
 
+v0.5 (in progress)
+* **Stronger filename encryption: DirIV**
+ * Each directory gets a random 128 bit file name IV on creation,
+   stored in `gocryptfs.diriv`
+ * This makes it impossible to identify identically-named files across
+   directories
+ * A single-entry IV cache brings the performance cost of DirIV close to
+   zero for common operations (see performance.txt)
+ * This is a forwards-compatible change. gocryptfs v0.5 can mount filesystems
+   created by earlier version but not the other way round.
+* New command-line option:
+ * `-diriv`: Use the new per-directory IV file name encryption (default true)
+ * `-scryptn`: allows to set the scrypt cost parameter N. This option
+   can be used for faster mounting at the cost of lower brute-force
+   resistance. It was mainly added to speed up the automated tests.
+
 v0.4
 * New command-line options:
  * `-plaintextnames`: disables filename encryption, added on user request
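Review bot: The compatibility bullet in the v0.5 entry calls DirIV a "forwards-compatible change", but what it goes on to describe (v0.5 mounts filesystems created by earlier versions, older releases cannot mount v0.5 filesystems) is backward compatibility of the new release. Suggest stating that directly and fixing "created by earlier version" to "earlier versions". The heading "New command-line option:" introduces two options, so it should be plural as in the v0.4 entry. The v0.4 and v0.3 entries each end with an "On-disk format N" line; this entry adds `gocryptfs.diriv` to the on-disk layout but does not say whether the format number changes. For `-scryptn`, "allows to set" should read "sets", and the bullet would be more useful if it gave the default N, since it already warns that lowering it reduces brute-force resistance.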
@@ -112,7 +128,7 @@ v0.4
 * On-disk format 2
 
 v0.3
-* Add file header that contains a random id to authenticate blocks
+* **Add a random 128 bit file header to authenticate file->block ownership**
  * This is an on-disk-format change
 * On-disk format 1
 
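Review bot: In the reworded v0.3 bullet, "file->block ownership" is shorthand that a README reader is unlikely to parse. Suggest spelling it out, for example "to authenticate which file each block belongs to". The old wording said the header "contains a random id" while the new one says the header itself is 128 bits; if the header holds more than the id, keep "contains".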
diff --git a/SECURITY.md b/SECURITY.md
index 2e6f3f4..4db4c24 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -22,21 +22,20 @@ encrypted data unless you know the key.
 
 ### File Names
 
-* File names are encrypted using AES-256-CBC because it is robust even
-  without using an IV
-* The file names are padded to multiples of 16 bytes
+* File names are encrypted using AES-256-CBC with a per-directory IV
+* Each directory get a random 128 bit IV on creation
+ * Files with the same name in different directories are encrypted to
+   different filenames and can not be identified
+* File names are padded to multiples of 16 bytes
  * This means that the exact length of the name is hidden, only length
   ranges (1-16 bytes, 17-32 bytes etc.) can be determined from the encrypted
   files
-* For technical reasons, no IV is used
- * This means that files with the same name within one gocryptfs filesystem
-   always get the same encrypted name
 
 ### Metadata
 
 * The size of the file is not hidden. The exact file size can be calculated
   from the size of the encrypted file.
-* File owner, file permissions and timestamps are not hidden either
+* File owner, file permissions and timestamps are not hidden.
 
 Integrity
 ---------
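Review bot: The File Names section now states unconditionally that names are encrypted "with a per-directory IV", and the removed "no IV is used" bullets are dropped without replacement, yet the README hunk in this same patch makes DirIV an option (`-diriv`, default true) and says earlier filesystems remain mountable. For those filesystems, and for any created with `-diriv` turned off, the old caveat that identical names always encrypt to the same ciphertext name still holds, so it should be kept and scoped to that case. The section also does not mention that the IV lives in `gocryptfs.diriv` inside each directory, which a reader of a security document will want to know. Because CBC with a fixed IV per directory is deterministic, it is worth noting that names in one directory that share their first 16 bytes will share their first ciphertext block. Minor: "Each directory get" should be "gets", and "can not be identified" is ambiguous; "cannot be recognised as having the same name" says what is meant.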
-- 
cgit v1.2.3