On Tue, Dec 19, 2000 at 07:14:10AM +0000, Alicia da Conceicao wrote:
> For those of us who carry around NetBSD laptops with valuable information,
> such as company source code and banking information, we desperately need
> a decent encrypted filesystem solution with minimum overhead.  Most
> solutions appear to be somewhat pseudo NFS based, the better ones I've
> seen are:
> 
> TCFS as a Cryptographic Filesystem Layer for NetBSD:
> 
> 	http://tcfs.dia.unisa.it/BSD/
> 
> 
> POrtable Dodgy Filesystems in Userland (hacK) version 2:
> 
> 	http://atrey.karlin.mff.cuni.cz/~machek/podfuk/podfuk.html
> 
> The first is only alpha and is not stable.  The latter is Linux based and
> uses coda software in userland.  No kernel modifications are needed except
> enabling coda.  So it should be easy to port from Linux to NetBSD, maybe
> it can even run under Linux emulation.
> 
> But the performance overhead from the both of these, and all other
> solutions I've come across is not acceptable!
> 
> Since laptops typically only have one operator, there is no need to use
> different keys for different users, one is enough.
> 
> The best solution would be to encrypt at the raw disk block level, using
> a single symmetric cipher like RC5, blowfish, 3DES, AES, etc.  That way
> we can still use our FFS filesystem.

I'm not sure this is the best, because you could have to encrypt/decrypt
to much data, which will hurt performances. You may also run in the
problem that the crypted data are biggers than the original.
A way to do this would be to write a layered filesystem that files, and
possibly files names in directory.

--
Manuel Bouyer <bouyer@antioche.eu.org>
--