eCryptfs

Add support for GCM cipher mode

Bug #1176448 reported by Ron
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
eCryptfs
Triaged
Wishlist
Unassigned

Bug Description

Suggest adding support for GCM cipher mode (commonly used with AES algorithm).

in terms of performance, it would have great impact. it is fully parallelizable, and thus we will see nice performance boost both on x86 machines with AES-NI instructions, and also on other vendors with hardware engines that will now work more effectively.

in terms of security, this mode is used in many other places (e.g. already integrated into TLS), and it supports Encryption & Authentication, so we can add future support Digital-Signature on specific files (for cases were content is not secret, but must be unchanged)

Michael Chang (thenewme91)
Changed in ecryptfs:
assignee: nobody → Michael Chang (thenewme91)
Revision history for this message
Will Morrison (william-barr-morrison) wrote :

This is the goal of a project being done by a team of 4 right now. The 4 working on it are Micheal Chang, Zameer Manji, Alvin Tran, and myself.

Revision history for this message
Jonathan Buhacoff (xalqor) wrote :

I saw patches were submitted by W Morrison, M Chang, Z Manji, & A Tran in 2014... but they are not merged in and I'm wondering if anyone has plans to follow up on their work?

Links to mailing list messages:

* http://www.spinics.net/lists/ecryptfs/msg00487.html
* http://www.spinics.net/lists/ecryptfs/msg00488.html
* http://www.spinics.net/lists/ecryptfs/msg00489.html
* http://www.spinics.net/lists/ecryptfs/msg00490.html
* http://www.spinics.net/lists/ecryptfs/msg00495.html

Revision history for this message
Michael Chang (thenewme91) wrote : Re: [Bug 1176448] Re: Add support for GCM cipher mode

We aren't planning any further work on it at this time. However, if you
plan to pick up the patches:

Quoting W Morrison:

"I think there could be progress made on the partial rollback problem.
That's the problem we have where an attacker with RW access to the
ciphertext could roll back one page to a previous version without changing
the rest of the file, and this would go unnoticed."

On Dec 14, 2016 6:30 AM, "Jonathan Buhacoff" <email address hidden> wrote:

> I saw patches were submitted by W Morrison, M Chang, Z Manji, & A Tran
> in 2014... but they are not merged in and I'm wondering if anyone has
> plans to follow up on their work?
>
> Links to mailing list messages:
>
> * http://www.spinics.net/lists/ecryptfs/msg00487.html
> * http://www.spinics.net/lists/ecryptfs/msg00488.html
> * http://www.spinics.net/lists/ecryptfs/msg00489.html
> * http://www.spinics.net/lists/ecryptfs/msg00490.html
> * http://www.spinics.net/lists/ecryptfs/msg00495.html
>
> --
> You received this bug notification because you are a bug assignee.
> https://bugs.launchpad.net/bugs/1176448
>
> Title:
> Add support for GCM cipher mode
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ecryptfs/+bug/1176448/+subscriptions
>

Jason Xing (wlxing)
Changed in ecryptfs:
status: New → Opinion
Revision history for this message
Tyler Hicks (tyhicks) wrote :

@Jason This bug should not be closed as 'Opinion'. It is a fact that eCryptfs doesn't support GCM mode. Bug like this should be marked as 'Triaged' with an importance of 'Wishlist'. Thanks!

Changed in ecryptfs:
assignee: Michael Chang (thenewme91) → nobody
importance: Undecided → Wishlist
status: Opinion → Triaged
Revision history for this message
Jason Xing (wlxing) wrote :

Yes, I understand that. I thought it can be discussed or marked as "triaged". But I do not have the privilege to mark as triaged and modify the importance of "Wishlist".

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.