bcachefs

Encryption - motivation

Just saw this really excellent article about disk encryption - this explains better than I could the issues with encryption at the block layer:

http://sockpuppet.org/blog/2014/04/30/you-dont-want-xts/

This also explains the motivation for doing encryption in bcachefs: with a copy-on-write filesystem, where we can take the needs of encryption into account when we're designing it and specifying the on-disk format, we have an opportunity to do a whole lot better than the current state of the art.

In particular (and I should say this more explicitly in the design doc) - the goal is to be secure even when the disks are on network-attached storage (e.g. iSCSI), and an attacker controls the storage server. Existing full disk encryption is definitely not good enough in that situation.

Comments

I think the dual-boot/multi-boot Ubuntu encryption situation may be caused by GRUB2? I don't know for sure. Will GRUB2 support bcachefs soon? I think file/directory encryption is good to have (yes, weaker than whole file system, but better than nothing), in case the disk itself is not already encrypted. That said, if it's also possible to encrypt the entire bcachefs partition later (even if it's been resized previously), that would be brilliant. Scary situation: if the computer fails but the disk drive still works, would the encrypted data still be available for the user to unlock, by placing the drive in another computer with Linux already installed?

Dave494

Yes, absolutely. It's just the filesystem partition itself that gets encrypted. Per file/per directory encryption would be a nice feature to have - the trouble is, it's weaker than whole-filesystem encryption. I might add it later as a separate, additional feature.

Kent Overstreet

Would it be possible to use bcachefs full disk encryption when dual-booting with Windows? As an Ubuntu Linux user, I've discovered that it will only encrypt the entire disk (currently with ext4), but not the Ubuntu partition when dual-booting with Windows or any other OS. I'm definitely for bcachefs and I would be happy to put it through real-world use on more than one computer (and report back any bugs), if I could select it from the Ubuntu GUI installer in future; it already offers several file system choices, from memory I know it offers a choice of: xfs, btrfs, ext2/3/4, jfs and others. Add bcachefs to the list and many more users can test it. File and directory (folder) encryption, good or bad idea? Would be better than no encryption - i.e. when full disk encryption is not already in use. Maybe it's better to encrypt individual files/directories with a different password/key in case an attacker gains access to the whole disk (encrypted or not)?

Dave494

What is interesting is how the whole attitude to encryption has changed over the last few years. Knowing how key it is for any kind of universal acceptance, it is better to get it right than to crowbar in the wrong solution. Fortunately there are a lot of people a lot smarter than me who know what that is. Keep up the good work.

veritanuda

Heh, I read that same article today, from the comments section on an HN article about OpenBSD's block crypto.

Brady OBrien

