Comments (13)
If the file name for the diriv is specified at the init phase, it could be stored in the conf file. Defaulting to gocryptfs.diriv would keep backward compatibility.
from gocryptfs.
Yes, the dot in the file name makes sure there are no collisions with encrypted files (this is also true for gocryptfs.diriv, where the dot is in the middle).
I thought about calling the file just .diriv. The thing is, dot files are hidden by default, and users may miss the file when they take a backup of their encrypted files.
from gocryptfs.
thx for the quick response
from gocryptfs.
I would prefer to remove the "gocryptfs" part of the "gocryptfs.diriv" files to hide the used tool. Or is it plain simple to determine the used tool from the data in the encrypted folder?
I know, this is security by obscurity. But the less information one can get directly from the encrypted data, the better I feel ;-)
from gocryptfs.
I'm sure it's possible to identify it from the file content (for example, there is a two-byte version header in every file, currently 0x0002). But it does take more work and skill to do it.
I don't think I will want to add a command-line option for that, but if you don't mind compiling yourself, it's just the DirIVFilename constant in diriv.go:
https://github.com/rfjakob/gocryptfs/blob/master/internal/nametransform/diriv.go#L20
Contact me should anything break.
from gocryptfs.
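Added example, not part of the thread and not gocryptfs code: the content-based identification described in the comment above, run over a constructed in-memory tree in which the IV file has been renamed. The names `Scan`, `Fingerprint` and `Sample` are hypothetical, and the byte order of the 0x0002 version header is an assumption.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"io/fs"
	"testing/fstest"
)

type Fingerprint struct{ Files, Versioned, DirIVSized int } // names play no part

// Scan reads at most 17 bytes per file; assumes 0x0002 is big-endian at offset 0.
func Scan(fsys fs.FS) (fp Fingerprint, err error) {
	err = fs.WalkDir(fsys, ".", func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err
		}
		f, err := fsys.Open(p)
		if err != nil {
			return err
		}
		defer f.Close()
		head, err := io.ReadAll(io.LimitReader(f, 17)) // 17 separates "16" from "longer"
		if err != nil {
			return err
		}
		fp.Files++
		switch {
		case len(head) == 16: // same size as a per-directory IV file
			fp.DirIVSized++
		case len(head) >= 2 && head[0] == 0x00 && head[1] == 0x02:
			fp.Versioned++
		}
		return nil
	})
	return fp, err
}

// Sample is a constructed tree: the IV file is renamed, all contents are made up.
func Sample() fstest.MapFS {
	return fstest.MapFS{
		".diriv":       {Data: bytes.Repeat([]byte{0xA5}, 16)},
		"aaaa":         {Data: append([]byte{0x00, 0x02}, bytes.Repeat([]byte{0x11}, 48)...)},
		"sub/bbbb":     {Data: append([]byte{0x00, 0x02}, bytes.Repeat([]byte{0x22}, 80)...)},
		"sub/note.txt": {Data: []byte("unrelated plain text")},
	}
}
func main() { fmt.Println(Scan(Sample())) } // on disk: Scan(os.DirFS(dir))
```

The counts come out the same whatever the IV file is called, which is the point the comment makes about renaming it.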
Thanks a lot for the reply. Yes, I could change the constant and compile it myself. But I do that mostly for test cases and normally try to go with the standard packages from the distributions (my Gentoo time is about 15 years ago).
Using only ".diriv" would have another neat effect to have this special file better separated from the encrypted content. Especially with raw64, there won't be other files or folders starting with a dot.
from gocryptfs.
It's true that hidden dot files could be a problem for inexperienced users. But they are widely used in Unix for other files which need to be backed up.
Therefore, an explicit option to use .diriv could be a viable solution.
from gocryptfs.
OK, compiled by myself. Had to change some occurrences in fs_dir.go too (tmpName). Seems to work and I'll do more tests so I can replace my EncFS folders. Thanks for your help.
from gocryptfs.
Sorry for bumping an old topic, but...
Is there any chance to change this file name to dot diriv?
Also, why couldn't the filename pattern be placed into the gocryptfs.conf file?
from gocryptfs.
So the goal is to somewhat hide that gocryptfs is used, right? Wouldn't it be best to use a "random crap" filename like asd3Etsdg4t2.nszhe5X?
from gocryptfs.
I would say not to completely hide, but at least it wouldn't be obvious from the first look.
It would be better to have an option to set this filename to "random crap" (you mean the filename will be different in every directory, right?), because it may look weird when you have one "randomcrap" little file in each directory and no other files (in some other directories).
And when you have just a dot file, like folder.ico or thumbnail.jpg or something like that, it looks okay.
from gocryptfs.
Just two thoughts, both valid only when using encoded filenames.
- Encoded files can be recognised by the string length of their encoded file name (21 bytes for the shortest, 43 for longer names, etc., so probably some base64 encoded result of encryption to 16-byte long blocks). So any filename with a different length would set it apart as not an encoded file, but a gocryptfs special file.
- The diriv file is only 16 bytes long. Why use a separate file for that? These 16 bytes base64-encoded to 21 chars can be added to the directory name itself, as prefix or suffix, possibly separated by a dot to provide for a future change of IV length. For the base directory the IV could be added to the gocryptfs.conf file.
from gocryptfs.