Zbr's days.

Wed, 02 Jul 2008

POHMELFS crypto: feel incredibly stupid.

First, POHMELFS does need to have encryption, because I plan to use a distributed hash table approach in the server (well, consider the POHMELFS kernel client as a kind of bittorrent filesystem client), and as in any non-centralized system, content transferred via uncontrolled data channels has to be encrypted.

But... I'm incredibly stupid: I implemented encryption and decryption in place, i.e. the VFS page is encrypted prior to being written to the servers, so subsequent reading leads to... Yes, it reads encrypted content.
To fix this issue I plan to encrypt data into different pages and send them, leaving the VFS ones as is. There are two approaches I consider:

  • allocate and send pages at writeback time - we want to send 5 pages, so allocate 5 pages, encrypt data into them and broadcast them to all needed servers.
  • allocate a (potentially large) pool of pages at mount time per crypto thread and encrypt data into them. This will have about zero run-time overhead for VFS, except for write completion being slightly delayed by encryption.

/devel/fs :: Link / Comments (7)
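The in-place bug and the pool-based fix described in the post, as an added example that is not POHMELFS code: a userspace C model in which `toy_encrypt` is a placeholder transform rather than a real cipher, and the page size, pool size and all function names are assumptions. When the preallocated pool is exhausted the writer gets an error and has to wait for a write completion; nothing is allocated on the writeback path.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SZ 64    /* assumed small stand-in for PAGE_SIZE */
#define POOL_PAGES 2  /* assumed number of bounce pages reserved "at mount time" */

struct page { uint8_t data[PAGE_SZ]; int busy; };
static struct page pool[POOL_PAGES];  /* preallocated, never grown at writeback */
static uint8_t wire[PAGE_SZ];         /* what the "server" receives */

/* Placeholder transform, NOT a real cipher: stands in for the crypto thread. */
static void toy_encrypt(uint8_t *dst, const uint8_t *src, uint8_t key) {
    for (size_t i = 0; i < PAGE_SZ; i++)
        dst[i] = src[i] ^ (uint8_t)(key + i);
}

/* The bug: ciphertext overwrites the cached page that later reads are served from. */
static int writeback_in_place(struct page *cache, uint8_t key) {
    toy_encrypt(cache->data, cache->data, key);
    memcpy(wire, cache->data, PAGE_SZ);
    return 0;
}

/* The fix (second approach): encrypt into a pool page; the cached page is only read. */
static int writeback_bounce(const struct page *cache, uint8_t key, struct page **held) {
    for (int i = 0; i < POOL_PAGES; i++) {
        if (pool[i].busy) continue;
        pool[i].busy = 1;
        toy_encrypt(pool[i].data, cache->data, key);
        memcpy(wire, pool[i].data, PAGE_SZ);
        *held = &pool[i];  /* caller releases it on write completion */
        return 0;
    }
    return -1;  /* pool exhausted: caller must wait, never allocate here */
}

static void write_complete(struct page *p) { p->busy = 0; }

int main(void) {
    struct page cache = {0}, *held = NULL;
    strcpy((char *)cache.data, "plaintext in page cache");  /* constructed sample data */
    writeback_bounce(&cache, 0x5a, &held);
    printf("after bounce:   %s\n", (char *)cache.data);
    write_complete(held);
    writeback_in_place(&cache, 0x5a);
    printf("after in-place: cache %s wire\n",
           memcmp(cache.data, wire, PAGE_SZ) == 0 ? "==" : "!=");
    return 0;
}
```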

Zoka wrote at 2008-07-02 15:00:

Have you considered Curve25519 elliptic-curve encryption? http://cr.yp.to/ecdh.html

Zbr wrote at 2008-07-02 16:12:

Dr. Bernstein's programming practice is not really a good way to follow; it can be brilliant, but using and extending it is so horrible (did his coding style change since djbdns?)

I will take a look from a theoretical point of view for sure (although I do not like the '... is a state-of-the-art ...' introduction :) ), maybe it will be used for key negotiation.

anon wrote at 2008-07-02 23:02:

please let there be an option to turn off encryption... i'd like to use something like pohmelfs in a controlled (cluster) environment. there you try to move the security fences around to avoid internal overheads. not perfect, but file write performance ends up being a limiting factor for me pretty often.

Zbr wrote at 2008-07-02 23:45:

Sure: one can have crypto hashing (or digest without key), data encryption, both or neither right now.

Bruce wrote at 2008-07-03 05:28:

option 2 may also help avoid deadlocks (if a memory allocation triggers writes which require further allocations).

Zoka wrote at 2008-07-03 06:25:

Simple C implementation (500 lines) of curve25519 can be found here:

http://code.google.com/p/obstcp/source/browse/trunk/patches/curve25519?r=17

Zbr wrote at 2008-07-03 15:09:

Thanks for the link, I will take a look, but I think without proper understanding of the algorithm I cannot judge the implementation, so I will try to study Bernstein's papers first.
