Update README + docs for v0.6 release

2015-12-08 16:41:45 +01:00 · 2015-12-08 16:41:45 +01:00 · 9419e7ae85
parent e3f35d38b5
commit 9419e7ae85
4 changed files with 32 additions and 17 deletions
--- a/Documentation/SECURITY.md
+++ b/Documentation/SECURITY.md
@ -15,7 +15,7 @@ The KEK is generated from the user password using `scrypt`.
 File Contents
 -------------

-All file contents are encrypted using AES-256-GCM.
+All file contents are encrypted using AES-256-GCM (Galois/Counter Mode).

 Files are segmented into 4KB blocks. Each block gets a fresh random
 96 bit IV each time it is modified. A 128-bit authentication tag (GHASH)
@ -37,8 +37,11 @@ File Names
 Every directory gets a 128-bit directory IV that is stored in each
 directory as `gocryptfs.diriv`.

-File names are encrypted using AES-256-CBC with the directory IV as
-initialization vector. The Base64 encoding limits the usable filename length
-to 176 characters.
+File names are encrypted using AES-256-EME (ECB-Mix-ECB wide-block encryption,
+see https://github.com/rfjakob/eme for details) with the directory IV
+as initialization vector. EME fixes the prefix leak that occours with CBC
+encryption.

 ![](https://rawgit.com/rfjakob/gocryptfs/master/Documentation/file-name-encryption.svg)
+
+The Base64 encoding limits the usable filename length to 176 characters.
--- a/Documentation/file-name-encryption.svg
+++ b/Documentation/file-name-encryption.svg
@ -149,9 +149,9 @@
     borderopacity="1.0"
     inkscape:pageopacity="0.0"
     inkscape:pageshadow="2"
-     inkscape:zoom="1.979899"
-     inkscape:cx="299.54034"
-     inkscape:cy="65.144047"
+     inkscape:zoom="2.8"
+     inkscape:cx="290.22759"
+     inkscape:cy="52.741737"
     inkscape:document-units="px"
     inkscape:current-layer="layer1"
     showgrid="true"
@ -186,7 +186,7 @@
        <dc:format>image/svg+xml</dc:format>
        <dc:type
           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
-        <dc:title></dc:title>
+        <dc:title />
      </cc:Work>
    </rdf:RDF>
  </metadata>
@ -267,7 +267,7 @@
         id="tspan4157-3-0-7-6-8"
         x="316.79153"
         y="309.39807"
-         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.00342369px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px">AES-256-CBC</tspan></text>
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.00342369px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px">AES-256-EME</tspan></text>
    <path
       style="opacity:1;fill:none;fill-opacity:1;stroke:#000000;stroke-width:1;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;marker-end:url(#marker8559)"
       d="m 558.97059,270.16733 -169.78791,0.0896 0,17.75633"
@ -359,14 +359,14 @@
    <text
       xml:space="preserve"
       style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:90.01774597px;line-height:125%;font-family:Arial;-inkscape-font-specification:'Arial Bold';letter-spacing:67.66333771px;word-spacing:0px;fill:#aa00d4;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
-       x="462.66055"
+       x="456.66174"
       y="266.66168"
       id="text4155-88-3-5-0"
       sodipodi:linespacing="125%"
       transform="scale(1.0001971,0.99980293)"><tspan
         sodipodi:role="line"
         id="tspan4157-9-7-3-8"
-         x="462.66055"
+         x="456.66174"
         y="266.66168"
         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:15.00295734px;font-family:sans-serif;-inkscape-font-specification:sans-serif;letter-spacing:0px;fill:#aa00d4">IV</tspan></text>
    <rect
--- a/Documentation/performance.txt
+++ b/Documentation/performance.txt
@ -2,11 +2,12 @@ All test performed on tmpfs, /tmp/a mounted on /tmp/b.
 The used test archive is https://www.kernel.org/pub/linux/kernel/v3.0/linux-3.0.tar.gz .

 UNTAR: tar xfz ../linux-3.0.tar.gz
-LS: ls -lR > /dev/null
-RM: rm -rf linux-3.0
+LS: ls -lR linux-3.0 > /dev/null
+RM: rm -Rf linux-3.0

 VERSION         UNTAR    LS     RM
 v0.4               48     1.5    5
 v0.5-rc1           56     7     19
 v0.5-rc1-1         54     4.1    9
-v0.5-rc1-2         45     1.7	 3.4
+v0.5-rc1-2         45     1.7    3.4
+v0.6               47     1.8    4.3
--- a/README.md
+++ b/README.md
@ -6,10 +6,10 @@ gocryptfs is built on top the excellent
 [go-fuse](https://github.com/hanwen/go-fuse) FUSE library and its
 LoopbackFileSystem API.

-This project was inspired by [EncFS](https://github.com/vgough/encfs)
-and strives to fix its security issues (see EncFS tickets 9, 13, 14, 16).
+This project was inspired by EncFS and strives to fix its security
+issues while providing good performance.
 For details on the security of gocryptfs see the
-[SECURITY.md](Documentation/SECURITY.md) document.
+[SECURITY.md](Documentation/SECURITY.md) design document.

 Current Status
 --------------
@ -97,6 +97,17 @@ The output should look like this:
 Changelog
 ---------

+v0.6
+* **Wide-block filename encryption using EME + DirIV**
+ * EME (ECB-Mix-ECB) provides even better security than CBC as it fixes
+   the prefix leak. The used Go EME implementation is
+   https://github.com/rfjakob/eme which is, as far as I know, the first
+   implementation of EME in Go.
+ * This is a forwards-compatible change. gocryptfs v0.5 can mount filesystems
+   created by earlier version but not the other way round.
+* New command-line option:
+ * `-emenames`: Enable EME filename encryption (default true)
+
 v0.5
 * **Stronger filename encryption: DirIV**
 * Each directory gets a random 128 bit file name IV on creation,