XTS support in pefs

September 6, 2010

I’ve replaced CTR encryption mode with XTS. The Salsa20 stream cipher was also removed. CTR mode was an inappropriate design for a filesystem: it allowed encrypted data to be easily manipulated by an attacker and could even reveal plaintext in cases when previous encrypted data snapshots were available to the attacker, i.e. filesystem-level snapshots. There should be no visible performance degradation because of switching to XTS.

CTR mode compatibility is not available, to prevent further misuse, so upgrading by hand would be necessary.
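The two CTR weaknesses named above (plaintext exposure across snapshots and undetected manipulation) can be reproduced with a small model. This is an added example, not pefs code: it assumes a keystream that depends only on key, file and offset, uses SHA-256 as a stand-in for the cipher, and all names and sample data are constructed.

```python
import hashlib

BLOCK = 32  # SHA-256 output size; stands in for the cipher block size

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, file_id: bytes, offset: int, length: int) -> bytes:
    # Stand-in for a CTR keystream (assumption: SHA-256 as the PRF, not AES).
    # It depends only on key, file and position, never on the data written.
    assert offset % BLOCK == 0, "demo keeps writes block-aligned"
    out, counter = b"", offset // BLOCK
    while len(out) < length:
        out += hashlib.sha256(key + file_id + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def ctr_crypt(key: bytes, file_id: bytes, offset: int, data: bytes) -> bytes:
    # Encryption and decryption are the same XOR in CTR mode.
    return xor(data, keystream(key, file_id, offset, len(data)))

# Constructed sample data: the same file region at two points in time.
KEY = bytes(range(32))
FILE_ID = b"file-0001"
OLD = b"balance=0000100;owner=alice;pad="
NEW = b"balance=0009100;owner=alice;pad="

def snapshot_difference() -> bytes:
    # Two snapshots of the same offset share a keystream, so XORing the
    # ciphertexts cancels it and leaves OLD xor NEW, with no key involved.
    snap1 = ctr_crypt(KEY, FILE_ID, 0, OLD)
    snap2 = ctr_crypt(KEY, FILE_ID, 0, NEW)
    return xor(snap1, snap2)

def modified_ciphertext_decrypts_to() -> bytes:
    # Malleability: XORing a chosen difference into the ciphertext applies
    # the same difference to the plaintext; nothing detects the change.
    ct = ctr_crypt(KEY, FILE_ID, 0, OLD)
    tampered = xor(ct, xor(OLD, NEW))
    return ctr_crypt(KEY, FILE_ID, 0, tampered)

if __name__ == "__main__":
    diff = snapshot_difference()
    print("ciphertext xor == plaintext xor:", diff == xor(OLD, NEW))
    print("known OLD reveals NEW:", xor(diff, OLD))
    print("tampered block decrypts to:", modified_ciphertext_decrypts_to())
```
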

Besides, I’ve also committed real support for sparse files and file extending; it should make the filesystem faster in generic use cases. The new version also contains a fix for a race in the rename operation.

I would like to ask people interested in getting such functionality in FreeBSD to give pefs a try; any feedback is welcome.

Installation instructions may be found in my message to the freebsd-current mailing list.

About gleb


One Response to “XTS support in pefs”
  1. User says:

    Thanks for pefs. And the update to XTS. Will be trying it this month :)
    Hope it is safely atomic for filesystem consistency like GELI, and not like unsafe GBDE.
