I've replaced CTR encryption mode with XTS. Salsa20 stream cipher was also removed. CTR mode was inappropriate design for a filesystem, and allowed encrypted data to be easily manipulated by attacker and could even reveal plantext in cases when previous encrypted data snapshots where available to attacker, i.e. filesystem level snapshots. There should be no visible performance degradation because of switching to XTS.
CTR mode compatibility is not available to prevent further misuse, thus upgrade by hand would be necessary.
Besides I've also commited real support for sparse files and file extending, it should make filesystem faster in generic use cases. New version also contains fix for a race in rename operation.
I would like to ask people interested in getting such functionality in FreeBSD to give pefs a try, any feedback is welcome.
Installation instructions may be found in my message to freebsd-current maillist.
No comments:
Post a Comment