On 07/28/2010 09:44 AM, Tim Gardner wrote:
> ... how about... if the encrypted file name is too long then
> just use the unencrypted name on the lower file system ?
Dustin has suggested this before and while it would make our lives as
developers easier, I don't like it from a security standpoint. You
either want a security feature or you don't. If a user turns this on to
make some application work in their encrypted home, now they have to
make sure they don't create a meaningful file name that is 144 chars or
longer.
I much rather prefer a mount option to load a file name key encryption
key to decrypt old file names, but not encrypt any new file names. The
decision to encrypt or not is much more predictable.
On 07/28/2010 09:44 AM, Tim Gardner wrote:
> ... how about... if the encrypted file name is too long then
> just use the unencrypted name on the lower file system ?
Dustin has suggested this before and while it would make our lives as
developers easier, I don't like it from a security standpoint. You
either want a security feature or you don't. If a user turns this on to
make some application work in their encrypted home, now they have to
make sure they don't create a meaningful file name that is 144 chars or
longer.
I much rather prefer a mount option to load a file name key encryption
key to decrypt old file names, but not encrypt any new file names. The
decision to encrypt or not is much more predictable.