-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Anyone else using CFS on CentOS 4.4 ? I have started using it today (unimportant stuff for now, for testing), and am wondering what are other people experiences with it.
I'm using version 1.4.1, rpms kindly provided by Karan on his repository.
My main concern is data loss, not security itself. From what I noticed, the strenght of CFS crypto is less than optimal.
CFS right now looks like a very convenient solution. Much easier than the losetup stuff (which is a PITA).
TIA,
- -- Rodrigo Barbosa "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
On Fri, 2007-02-02 at 02:07 -0200, Rodrigo Barbosa wrote:
CFS right now looks like a very convenient solution. Much easier than the losetup stuff (which is a PITA).
I use fuse and encfs. I like it. Have not really tried to use CFS, but have meddled with losetup but don't really like the fact that everything is in 1 BIG chunk of a file.
Anyone else using CFS on CentOS 4.4 ? I have started using it today (unimportant stuff for now, for testing), and am wondering what are other people experiences with it.
I'm using version 1.4.1, rpms kindly provided by Karan on his repository.
My main concern is data loss, not security itself. From what I noticed, the strenght of CFS crypto is less than optimal.
CFS right now looks like a very convenient solution. Much easier than the losetup stuff (which is a PITA).
I have not tried TrueCrypt yet, only read about it. Maybe it would be useful as well. http://www.truecrypt.org
On Thu, 2007-02-01 at 23:23 -0600, Barry Brimer wrote:
Anyone else using CFS on CentOS 4.4 ? I have started using it today (unimportant stuff for now, for testing), and am wondering what are other people experiences with it.
I'm using version 1.4.1, rpms kindly provided by Karan on his repository.
My main concern is data loss, not security itself. From what I noticed, the strenght of CFS crypto is less than optimal.
CFS right now looks like a very convenient solution. Much easier than the losetup stuff (which is a PITA).
I have not tried TrueCrypt yet, only read about it. Maybe it would be useful as well. http://www.truecrypt.org
Truecrypt is the only cross platform crypt system/software I know about. However, last I check, it is not FOSSware. It's only FreeWare.
Truecypt again, uses a file as a storage block.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, Feb 02, 2007 at 01:27:41PM +0800, Ow Mun Heng wrote:
On Thu, 2007-02-01 at 23:23 -0600, Barry Brimer wrote:
Anyone else using CFS on CentOS 4.4 ? I have started using it today (unimportant stuff for now, for testing), and am wondering what are other people experiences with it.
I'm using version 1.4.1, rpms kindly provided by Karan on his repository.
My main concern is data loss, not security itself. From what I noticed, the strenght of CFS crypto is less than optimal.
CFS right now looks like a very convenient solution. Much easier than the losetup stuff (which is a PITA).
I have not tried TrueCrypt yet, only read about it. Maybe it would be useful as well. http://www.truecrypt.org
Truecrypt is the only cross platform crypt system/software I know about. However, last I check, it is not FOSSware. It's only FreeWare.
It is more like "MessWare". Check this small opening text for the License.txt file:
The TrueCrypt Collective License consists of several distinct licenses, which are contained in this document (separated by lines consisting of underscores) and which are, in this section, referred to as component licenses. Each of the component licenses applies only to (portions of) the source code file(s) in which the component license is contained or in which it is explicitly referenced, and to compiled or otherwise processed forms of such source code. None of the component licenses applies to this product as a whole, even when it uses the phrase "this product" or any other equivalent term/phrase. Unless otherwise stated, graphics and files that are not part of the source code are covered solely by the TrueCrypt License. Note: The TrueCrypt License is one of the component licenses of which the TrueCrypt Collective License consists.
Truecypt again, uses a file as a storage block.
Which is a big problem. Easy to get everything corrupted.
I have 2 problems while using cfs so far. Both were due to a small problem on the ext2 filesystem where it was stored. I was copying a file to the cfs filesystem (both on the same ext2 fs).
I've got a complete lockdown on cfsd, and had to hardboot the machine. In both cases, I've lost nothing, and only the specific file I was copying, on the destination, was "lost" (partially copied). It gave me a VERY good impression of cfs' robustness.
Not sure if I've made myself clear here (3:43am, english not primary language, blah blah blah). Ask for clarifications if this ended up confusing.
Best Regards,
- -- Rodrigo Barbosa "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
On Fri, 2007-02-02 at 03:44 -0200, Rodrigo Barbosa wrote:
Truecypt again, uses a file as a storage block.
Which is a big problem. Easy to get everything corrupted.
Which is why I don't like it..
I have 2 problems while using cfs so far. Both were due to a small problem on the ext2 filesystem where it was stored. I was copying a file to the cfs filesystem (both on the same ext2 fs).
Is CFS a file-by-file encryption or file-based block encryption?? (I forget)
I've got a complete lockdown on cfsd, and had to hardboot the machine. In both cases, I've lost nothing, and only the specific file I was copying, on the destination, was "lost" (partially copied). It gave me a VERY good impression of cfs' robustness.
That sounds Good. heh..
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, Feb 02, 2007 at 01:53:29PM +0800, Ow Mun Heng wrote:
I have 2 problems while using cfs so far. Both were due to a small problem on the ext2 filesystem where it was stored. I was copying a file to the cfs filesystem (both on the same ext2 fs).
Is CFS a file-by-file encryption or file-based block encryption?? (I forget)
File-by-file.
I've got a complete lockdown on cfsd, and had to hardboot the machine. In both cases, I've lost nothing, and only the specific file I was copying, on the destination, was "lost" (partially copied). It gave me a VERY good impression of cfs' robustness.
That sounds Good. heh..
On the other hand, CFS is VERY succeptible to a nasty nfs related deadlock. The scenario is easy to imagine.
Say cfsd tried to write to the disk and has to wait. Then, you will get a nfs timeout. Since you have a nfs timeout, processed will stall. Since cfsd is stalled, you can't get out of the timeout.
I'm still trying to figure out the best way to solve this. Maybe multithreading cfsd, or maybe simply using O_NONBLOCK. If I can think of a good way to solve this, I might be able to patch it. I'm not sure about the O_NONBLOCK solution. It is kind of basic, and someone would have though of it before is it was all it takes, I guess.
This condition is VERY easy to trigger for me, if I copy a file from to the crypted filesystem, and both (crypted and non-crypted) as located on an external USB disk I have here.
I wonder how eCrypt (with is on the newer stock kernel, and likely on CentOS 5) works. Is it file-by-file too ?
[]s
- -- Rodrigo Barbosa "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, Feb 02, 2007 at 05:04:53AM -0200, Rodrigo Barbosa wrote:
I've got a complete lockdown on cfsd, and had to hardboot the machine. In both cases, I've lost nothing, and only the specific file I was copying, on the destination, was "lost" (partially copied). It gave me a VERY good impression of cfs' robustness.
That sounds Good. heh..
On the other hand, CFS is VERY succeptible to a nasty nfs related deadlock. The scenario is easy to imagine.
Say cfsd tried to write to the disk and has to wait. Then, you will get a nfs timeout. Since you have a nfs timeout, processed will stall. Since cfsd is stalled, you can't get out of the timeout.
I'm still trying to figure out the best way to solve this. Maybe multithreading cfsd, or maybe simply using O_NONBLOCK. If I can think of a good way to solve this, I might be able to patch it. I'm not sure about the O_NONBLOCK solution. It is kind of basic, and someone would have though of it before is it was all it takes, I guess.
This condition is VERY easy to trigger for me, if I copy a file from to the crypted filesystem, and both (crypted and non-crypted) as located on an external USB disk I have here.
Ok, I'm giving up on CFS, at least for now. Since I already use fuse for a lot of stuff (sshfs, obexfs and mysqlfs), I'm trying encfs now.
Will let you know how it turns out.
[]s
- -- Rodrigo Barbosa "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, Feb 02, 2007 at 04:14:33PM +0800, Ow Mun Heng wrote:
On Fri, 2007-02-02 at 06:00 -0200, Rodrigo Barbosa wrote:
Ok, I'm giving up on CFS, at least for now. Since I already use fuse for a lot of stuff (sshfs, obexfs and mysqlfs), I'm trying encfs now.
What is MySQLfs?? (sorry, no I-net access at work)
Exactly what you would imagine. A filesystem stored inside a mysql database.
Unfortunatelly, it is still too slow to be useful in a production environment.
[]s
- -- Rodrigo Barbosa "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, Feb 01, 2007 at 11:23:52PM -0600, Barry Brimer wrote:
Anyone else using CFS on CentOS 4.4 ? I have started using it today (unimportant stuff for now, for testing), and am wondering what are other people experiences with it.
I'm using version 1.4.1, rpms kindly provided by Karan on his repository.
My main concern is data loss, not security itself. From what I noticed, the strenght of CFS crypto is less than optimal.
CFS right now looks like a very convenient solution. Much easier than the losetup stuff (which is a PITA).
I have not tried TrueCrypt yet, only read about it. Maybe it would be useful as well. http://www.truecrypt.org
PITA. Needs the kernel source to compile. Which might (probably) indicate you will need to recompile it whenever you upgrade your kernel.
Anyway, read about it, and it sounds interesting. But a little bit too much for my current needs.
Tkx for the pointer. I might check it again in the future.
[]s
- -- Rodrigo Barbosa "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
-
Barry Brimer -
Ow Mun Heng -
Rodrigo Barbosa