search

rfjakob / gocryptfs

Encrypted overlay filesystem written in Go
https://nuetzlich.net/gocryptfs/
MIT License
3.4k stars 244 forks source link

Protection against active adversaries, Mallory case #804

Closed romanho closed 2 months ago

romanho commented 8 months ago

Another question related to the audit by Taylor Hornby, a little bit different to issue 679. Citing p.4:

The problem is that the integrity of the file contents is bound just to the file ID and not to the file name and/or file path. Exchanging the (encrypted) names of two ciphertext files exchanges their plaintext contents. Mallory can decrypt any ciphertext file simply by copying the ciphertext into a ciphertext directory corresponding a directory he has access to in the mounted filesystem

Has anything changed to this? At least I didn't find anything in the issues here, but maybe I used wrong keywords...

In my planned application, an adversary would have full access to ciphertext as it's on a removable medium. And there are also cases where he can get at least read access at runtime so he's in the Mallory class mentioned in the audit.

rfjakob commented 7 months ago

Hi, no, nothing changed. If Mallory gets read access to a part of the plaintext, I would suggest to make two independent gocryptfs filesystems:

1) For stuff that should stay secret 2) For stuff that should be shared