Announcement

Collapse
No announcement yet.

Btrfs Authenticated File-System Support Looks To Be Revived

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Btrfs Authenticated File-System Support Looks To Be Revived

    Phoronix: Btrfs Authenticated File-System Support Looks To Be Revived

    Last year a SUSE developer sent out a set of patches adding authentication support to the Btrfs file-system. Btrfs already has checksums on meta-data blocks and data blocks while the original implementation of these authentication patches was performing HMAC on a SHA256 checksum as a keyed hash. A proper key in turn is then needed to mount a verified file-system...

    http://www.phoronix.com/scan.php?pag...ntication-2020

  • #2
    Since I was confused about its usefulness (on the mailing list thread):
    I'm thinking of a way to verify that a non-encrypted generic boot+startup data hasn't been tampered with.
    So, not encrypted, but signed data.

    Comment


    • #3
      Originally posted by phoronix View Post
      Phoronix: Btrfs Authenticated File-System Support Looks To Be Revived

      Last year a SUSE developer sent out a set of patches adding authentication support to the Btrfs file-system. Btrfs already has checksums on meta-data blocks and data blocks while the original implementation of these authentication patches was performing HMAC on a SHA256 checksum as a keyed hash. A proper key in turn is then needed to mount a verified file-system...

      http://www.phoronix.com/scan.php?pag...ntication-2020
      It's nice and all, but I would rather have actual subvolume encryption without having to use LUKS or ecrypts.

      Comment


      • #4
        HMAC...

        I came across that acronym, yet I passed CompTIA Security+ exam, became certified as of December 12th, 2019, and yet I did not remember what HMAC stand for, but I did know it is a hashing algorithm if I remember correctly. A quick Googling told me it is Hash-based Message Authentication Code. Heh... Better remember that in the future.

        A quick look at "HMAC" in the article and it reminded me of CompTIA Security+.

        I'm still waiting for my job in IT during the pandemic. (sigh)

        Comment


        • #5
          Originally posted by jacob View Post

          It's nice and all, but I would rather have actual subvolume encryption without having to use LUKS or ecrypts.
          Personally I would much rather have per subvolume "RAID" levels

          http://www.dirtcellar.net

          Comment


          • #6
            Originally posted by waxhead View Post

            Personally I would much rather have per subvolume "RAID" levels
            Quite honestly, is there any point at all in using anything other than RAID 10?

            Comment


            • #7
              Originally posted by GraysonPeddie View Post
              I came across that acronym, yet I passed CompTIA Security+ exam, became certified as of December 12th, 2019, and yet I did not remember what HMAC stand for, but I did know it is a hashing algorithm if I remember correctly.
              Sounds about right for a CompTIA exam... You can pass by knowing what some acronym stands for or maybe what port number some protocol uses; not necessarily by understanding what it actually does. Just pay your CE dues, I suspect that's all they really want. I just renewed my Sec+ for another 3 years... I find this cert pretty useless personally but every job I've ever had in IT expects you to have it so I can't let it lapse

              Comment

              Working...
              X