In message <20040205031307.EE7CDB5DA@linkdead.gangsta.local>, VaX#n8 writes:
>Hi, here's a quick review of the state of the art in encrypted file systems:
>
>1) CFS - a decade old, won't work with new rpcgen.  Can be coaxed into
>compilation, but requires several make commands with different args.
>It's all user-level.  The code is functional but definitely not elegant.
>Supports 3DES, but no modern ciphers.  Probably easier to re-write than
>to turn into a nice system.

It's older than that -- according to Matt Blaze, the author, the RPC/
NFS core of CFS goes back to 1987 or thereabouts.  And he agrees with 
your bottom line -- it should be rewritten from scratch.

That said, before designing anything new it's worth rereading Matt's 
original paper to understand his design goals.  A rewrite might be more 
functional -- for some purposes and some goals -- than the alternatives.
What are you trying to do, and what are the threats you want to protect 
against?

Btw, if you do want to use CFS, it's in pkgsrc, with all the RPC 
hackery done for you.  

		--Steve Bellovin, http://www.research.att.com/~smb