
Good morning,

I was wondering: if encfs also encrypts the file names (presumably using the same key as that used to encrypt their contents), such that each encrypted filename or directory corresponds to a file or directory in the decrypted mount point directory, then wouldn't compromising the file system just be a matter of an attacker needing to know the name of one of the files on that system and working backward from there?

Is this what IV chaining is intended to prevent? From reading the Wikipedia entry, however, it seems that the initialization vector for each file name can, in some cases, be derived from the file's parent directory. Isn't this also somewhat less secure, as an attacker could still try different directory and filename combinations?

vonbrand

1 Answer


According to the extended introduction, they're quite explicit that metadata is not encrypted. So filenames and directory structure are stored in the clear.

There is an option to encrypt the filenames, but the material presented isn't clear about how the top-level directories derive their own IV. If it's coming from the volume IV, then all the IVs used by files chain from the volume IV, so they will have a significantly random component; knowing the actual names of the files will reduce the time needed to break the IV on the volume as a whole, but it will not bypass it.

sysadmin1138
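To make the IV-chaining point from the question and the answer concrete, here is an added, self-contained model (not EncFS's actual code or derivation, and not from either poster) of filename encryption with and without chained IVs. It assumes a hypothetical scheme in which each directory level's IV is an HMAC of the parent's IV and the directory's name, starting from the volume IV, and it uses an HMAC-based keystream in place of a real block cipher so that it runs with the Python standard library alone. The volume IV and key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values: a real volume has random, secret ones.
VOLUME_IV = hashlib.sha256(b"constructed-volume-iv").digest()[:16]
NAME_KEY = hashlib.sha256(b"constructed-filename-key").digest()


def chained_iv(volume_iv: bytes, path_components: list) -> bytes:
    """Derive the IV used to encrypt the last path component.

    Hypothetical chain: the IV for a name depends on every ancestor
    directory (name and IV), starting from the volume IV. The name being
    encrypted is NOT part of its own IV, otherwise it could not be decrypted
    without already knowing it. A top-level entry uses the volume IV as-is.
    """
    iv = volume_iv
    for directory in path_components[:-1]:
        iv = hmac.new(iv, directory.encode("utf-8"), hashlib.sha256).digest()[:16]
    return iv


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC(key, iv || counter) blocks, truncated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def encrypt_name(key: bytes, iv: bytes, name: str) -> str:
    plaintext = name.encode("utf-8")
    stream = _keystream(key, iv, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, stream)).hex()


def decrypt_name(key: bytes, iv: bytes, ciphertext_hex: str) -> str:
    ciphertext = bytes.fromhex(ciphertext_hex)
    stream = _keystream(key, iv, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream)).decode("utf-8")


def encrypt_path(key: bytes, volume_iv: bytes, path: str, chain: bool) -> list:
    """Encrypt every component of a path; with chain=False every name in the
    volume shares the volume IV, with chain=True each directory level gets
    its own derived IV."""
    components = path.strip("/").split("/")
    encrypted = []
    for depth in range(1, len(components) + 1):
        prefix = components[:depth]
        iv = chained_iv(volume_iv, prefix) if chain else volume_iv
        encrypted.append(encrypt_name(key, iv, prefix[-1]))
    return encrypted


def decrypt_path(key: bytes, volume_iv: bytes, encrypted: list, chain: bool) -> str:
    """Walk the encrypted components top-down, rebuilding the IV chain from
    the plaintext directory names recovered so far."""
    plain = []
    for ciphertext_hex in encrypted:
        iv = chained_iv(volume_iv, plain + ["?"]) if chain else volume_iv
        plain.append(decrypt_name(key, iv, ciphertext_hex))
    return "/".join(plain)


def same_name_indistinguishable(path_a: str, path_b: str, chain: bool) -> bool:
    """True if the two leaf names encrypt to different ciphertexts, i.e. an
    observer of the encrypted tree cannot tell they share a plaintext name."""
    leaf_a = encrypt_path(NAME_KEY, VOLUME_IV, path_a, chain)[-1]
    leaf_b = encrypt_path(NAME_KEY, VOLUME_IV, path_b, chain)[-1]
    return leaf_a != leaf_b


if __name__ == "__main__":
    for chain in (False, True):
        print("chain =", chain,
              "-> same name in two directories hidden:",
              same_name_indistinguishable("docs/secret.txt", "backup/secret.txt", chain))
```

Without chaining, every filename in the volume is encrypted under one IV, so a repeated name produces a repeated ciphertext and a single known name/ciphertext pair exposes the keystream for every equal-length name in the tree. With chaining, that pair only tells you about names in the same directory, and under either scheme recovering the keystream for one IV gives no shortcut to the key itself, which is the sense in which the answer says knowing file names narrows the search but does not bypass the encryption.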