Open vi opened 4 years ago
ZboxFS uses authenticated encryption (AEAD) before saving data to storage; that is, any malicious modification will cause a decryption failure. But how bad it gets depends on which part has been tampered with.
In any case, ZboxFS will never execute data in the repo because any data is treated as plain bytes. Attackers can never inject any data into the repo without the encryption key. If you're lucky, the repo may continue to work after tampering; any new data will still be secured, but some old data may be corrupted. When you read that corrupted file or directory, a decryption error will occur.
Simply put, attackers can fully or partially damage the repo, but they cannot inject any data into the repo without being noticed.
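The behaviour described in this reply, as an added example (not ZboxFS code and not part of the thread): a standard-library encrypt-then-MAC construction stands in for a real AEAD cipher. The names `seal`, `unseal` and `read_all` and the sample blocks are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os

class DecryptionError(Exception):
    """Raised when a stored block fails authentication."""

def _subkey(master, label):
    # Independent keys for encryption and for the MAC.
    return hmac.new(master, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    # Toy stream cipher (SHA-256 in counter mode); illustration only.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(master, plaintext):
    nonce = os.urandom(16)
    stream = _keystream(_subkey(master, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(master, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):  # also rejects truncated blobs
        raise DecryptionError("authentication tag mismatch")
    stream = _keystream(_subkey(master, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def read_all(master, storage):
    """Return (readable blocks, names of blocks that failed authentication)."""
    good, damaged = {}, []
    for name, blob in storage.items():
        try:
            good[name] = unseal(master, blob)
        except DecryptionError:
            damaged.append(name)
    return good, damaged

def demo():
    # Constructed sample repo: block "b" is modified in storage after writing.
    key = os.urandom(32)
    storage = {"a": seal(key, b"alpha"), "b": seal(key, b"bravo")}
    blob = storage["b"]
    storage["b"] = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]  # flip one bit
    storage["c"] = seal(key, b"charlie")  # written after the tampering
    return read_all(key, storage)
```

`demo()` returns the untouched block and the block written after the tampering as readable, and reports only the modified block as damaged.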
So there's nothing like encryption settings (which can be set to "no encryption") in the superblock? (like an attacker editing .encfs6.xml in encfs)
No, there are no such settings. Everything must be encrypted before writing to storage, no exception.
If underlying files of zbox file:// storage are modified by an attacker, what is the worst that can happen? I expect only [selective, attacker-chosen] data loss, never executed malicious code or injected malicious data when I try to use that storage. If storage continues to work after tampering, I expect newly added data to be as secure as original data. Does it all hold true?