*BSD News Article 78770



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.mel.connect.com.au!news.mira.net.au!news.vbc.net!garlic.com!news.scruz.net!kithrup.com!news.Stanford.EDU!nntp-hub2.barrnet.net!cpk-news-feed2.bbnplanet.com!cpk-news-hub1.bbnplanet.com!www.nntp.primenet.com!nntp.primenet.com!cs.utexas.edu!newshost.convex.com!cnn.exu.ericsson.se!eua.ericsson.se!news.algonet.se!news.uoregon.edu!raffles.technet.sg!nf4.iij.ad.jp!news.iij.ad.jp!news.CET.CO.JP!usenet
From: Michael Hancock <michaelh@cet.co.jp>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Compressed file system?
Date: Fri, 20 Sep 1996 19:28:59 -0700
Organization: CET
Lines: 67
Message-ID: <324352EB.31CC@cet.co.jp>
References: <nziB1PQ@quack.kfu.com> <32399631.2044E89@lambert.org>
NNTP-Posting-Host: chaos.cet.co.jp
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 3.0b7Gold (WinNT; I)

Terry Lambert wrote:
> 
> Nick Sayer wrote:
> >
> > There has been talk about crypto file systems, but is any work
> > happening on a compressed filesystem for FreeBSD?
> 
> Two of John Heidemann's graduate students implemented a compressing
> FS stacking layer as part of a class project.  The code is not
> available for wide release, but I'd have to say that file level
> FS compression is an almost trivial task.
> 
> His thesis also shows that work in producing a cryptographic layer
> has been implemented as well.  Other than embedding passwords into
> the path via POSIX escapes ("//password/path/to/file"), I don't
> see an easy access method, apart from implementing a session
> manager as a credential holder.  Currently, the namei() is not

Here's an excerpt from Matt Blaze's implementation:

CFS runs under SunOS and several other BSD-derived systems with NFS.
It is implemented entirely at user level, as a local NFS server
running on the client machine's "loopback" interface.  It consists of
about 5000 lines of code and supporting documentation.  You must have
"root" access to install CFS.

CFS was first mentioned at the work-in-progress session at the Winter
'93 USENIX Conference and was more fully detailed in:

    Matt Blaze. "A Cryptographic File System for Unix", Proc. 1st ACM
    Conference on Computer and Communications Security, Fairfax, VA,
    November 1993. (PostScript available by anonymous ftp from
    research.att.com in the file dist/mab/cfs.ps.)

and in

    Matt Blaze. "Key Management in an Encrypting File System", Proc.
    Summer '94 USENIX Tech. Conference, Boston, MA, June 1994.
    (PostScript available by anonymous ftp from research.att.com
    in the file dist/mab/cfskey.ps.)

Version 1.3 of CFS also includes ESM, the Encrypting Session Manager.
ESM provides shell-to-shell encrypted sessions across insecure links
and requires no OS or network support.  It is useful for typing cfs
passphrases when logged in over the network.  ESM needs RSAREF 2.0 to
compile and is tested only on SunOS and BSDI.  ESM is the first released
part of a suite of session encryption tools that are described in

    Matt Blaze and Steve Bellovin. "Session-layer Encryption."
    Proc. 1995 USENIX Security Workshop, Salt Lake City, June 1995.
    (PostScript is available from
    ftp://research.att.com/dist/mab/sesscrypt.ps)

The new version of CFS differs from the version described in the
papers in a few ways:

* The DES-based encryption scheme has been strengthened, and now
provides greater security but with the online latency of only
single-DES.

...
...

Regards,


Mike Hancock