From 5d25c6e7e9217e33b1c54f0f5bc74c6fe3e44119 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 20 Dec 2015 18:25:10 +0100
Subject: Link to official website; move security document
---
Documentation/SECURITY.md | 48 +--
Documentation/file-content-encryption.svg | 516 ------------------------------
Documentation/file-name-encryption.svg | 400 -----------------------
Documentation/master-key.svg | 434 -------------------------
4 files changed, 1 insertion(+), 1397 deletions(-)
delete mode 100644 Documentation/file-content-encryption.svg
delete mode 100644 Documentation/file-name-encryption.svg
delete mode 100644 Documentation/master-key.svg
(limited to 'Documentation')
diff --git a/Documentation/SECURITY.md b/Documentation/SECURITY.md
index a49994a..47edd1d 100644
--- a/Documentation/SECURITY.md
+++ b/Documentation/SECURITY.md
@@ -1,47 +1 @@
-GoCryptFS Security
-==================
-
-Master Key Storage
-------------------
-
-The master key is used to perform content and file name encryption.
-It is stored in `gocryptfs.conf`, encrypted with AES-256-GCM using the
-Key Encryption Key (KEK).
-
-The KEK is generated from the user password using `scrypt`.
-
-
-
-File Contents
--------------
-
-All file contents are encrypted using AES-256-GCM (Galois/Counter Mode).
-
-Files are segmented into 4KB blocks. Each block gets a fresh random
-128 bit IV each time it is modified. A 128-bit authentication tag (GHASH)
-protects each block from modifications.
-
-Each file has a header containing a random 128-bit file ID. The
-file ID and the block number are mixed into the GHASH as
-*additional authenticated data*. The prevents blocks from being copied
-between or within files.
-
-
-
-To support sparse files, all-zero blocks are accepted and passed through
-unchanged.
-
-File Names
-----------
-
-Every directory gets a 128-bit directory IV that is stored in each
-directory as `gocryptfs.diriv`.
-
-File names are encrypted using AES-256-EME (ECB-Mix-ECB wide-block encryption,
-see https://github.com/rfjakob/eme for details) with the directory IV
-as initialization vector. EME fixes the prefix leak that occours with CBC
-encryption.
-
-
-
-The Base64 encoding limits the usable filename length to 176 characters.
+This page has been moved to https://nuetzlich.net/gocryptfs/security/ .
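Review bot: The single added line at the end of this hunk leaves the repository with no description of its own cryptographic design (KEK-wrapped master key, per-block AES-256-GCM with file ID and block number as additional authenticated data, EME file names), so an offline checkout or release tarball now depends on nuetzlich.net being reachable and on that page matching the checked-out code. Consider keeping a short summary in SECURITY.md next to the link, or stating which release the linked page describes. The space before the final period can be dropped by writing the link as `<https://nuetzlich.net/gocryptfs/security/>`.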
diff --git a/Documentation/file-content-encryption.svg b/Documentation/file-content-encryption.svg
deleted file mode 100644
index 38a6f6b..0000000
--- a/Documentation/file-content-encryption.svg
+++ /dev/null
@@ -1,516 +0,0 @@
-
-
-
-
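Review bot: Nothing in the visible diff confirms that file-content-encryption.svg is no longer referenced elsewhere; the view is limited to 'Documentation', so links from files outside that directory cannot be checked here. The same applies to the two SVG deletions that follow. Please confirm with a search for the three file names across the tree, and mention in the commit message that the diagrams now live only on the website.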
diff --git a/Documentation/file-name-encryption.svg b/Documentation/file-name-encryption.svg
deleted file mode 100644
index 45222e2..0000000
--- a/Documentation/file-name-encryption.svg
+++ /dev/null
@@ -1,400 +0,0 @@
-
-
-
-
diff --git a/Documentation/master-key.svg b/Documentation/master-key.svg
deleted file mode 100644
index bfc404a..0000000
--- a/Documentation/master-key.svg
+++ /dev/null
@@ -1,434 +0,0 @@
-
-
-
-
--
cgit v1.2.3