Nodens-
commented
7 years ago Callback of gocryptfs issue: https://github.com/rfjakob/gocryptfs/issues/108
Closed Nodens- closed 7 years ago
Nodens-
commented
7 years ago Callback of gocryptfs issue: https://github.com/rfjakob/gocryptfs/issues/108
bailey27
commented
7 years ago Thanks for the encouragement. Contributions would be welcome.
I'm sorry for the late reply.
I see that @rfjakob already responded to your gocryptfs issue.
I will try to keep up with enhancements to gocryptfs.
If gocryptfs adds a deterministic option for SIV forward mode, then it should be easy to implement it.
A writable reverse mode would be a lot more work but doable.
bailey27
commented
7 years ago @rfjakob reminded me that gocryptfs is now using HKDF (derives separate keys for filenames and data) and Raw64 (base64 without the '=' padding chars) by default.
I just now added support for those features to cppcryptfs.
You might need to refresh your cppcryptfs source if you're having problems using filesystems created by the current version of gocryptfs.
Nodens-
commented
7 years ago Thank you for the reply! Do not worry about the latency, we can't be on top of github 24/7! I was out of the city for a seminar the past few days myself :)
Will certainly pull the latest commits and rebuild :)
Hello,
First of all thanks for the Windows port. It's extremely difficult to find an encryption solution that works properly in both Linux and Windows. I have not tested it yet (I am taking care of deps as we speak so I can compile it) but I will do so shortly. I have only setup the linux side of things at the moment. I have one basic question though regarding:
Why exactly is that? And are you sure gocryptfs does the same? (I will post the question there as well referencing this issue). What is good about the reverse mode is that it allows you to sync unencrypted files to a remote location without wasting space on a local encrypted copy. But if forward mounting works like that it means that you can not modify anything, repair, etc from another location/mount without breaking sync functionality.
AES-SIV is ~50% slower than AES-GCM which means that the only reason to use it is precisely the remote/deterministic functionality. I do not understand why the deterministic attribute is dropped from forward functionality which makes reverse functionality hard to access from other locations without risk of breaking things. Ideally there should be a parameter for forward mounting that determines the behaviour but anyhow the default for AES-SIV should be replicating the behaviour in reverse.
PS I love that this is a C++ project because I will actually contribute if I end up using it (I'm sure I will as everyother solution for what I am trying to do is bad or not crossplatform). I'm not really good with crypto stuff but I can certainly help in other aspects such as GUI, Windows integration, etc etc
Some more information about what I am doing. I am trying to use google drive as a universal low cost backup/sync/cloud solution. I need some development related files synced from unencrypted location on Windows (planning to do this with any google drive sync program-perhaps even the standard client- and cppcryptfs in reverse mode) plus mounting these files and pushing backups to other directories in the encrypted mount by mounting google drive in the linux server with google-drive-ocamlfuse and gocryptfs on top of it. Linux mounts (both gocryptfs plaintext and direct google-drive-ocamlfuse mount to unenecrypted parts of google drive will also be universally shared on the network via samba. In theory it should work great apart from the inability to mount forward in deterministic mode so that any modifications to the synced directories not mess up syncing functionality..