Shulou(Shulou.com)06/01 Report--

This article introduces the knowledge of "how to use the eCryptfs of Linux". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Install the eCryptfs sudo apt-get install ecryptfs-utils encrypted directory to create an encrypted directory

Bash mkdir-p / disk2/.Private chmod 755 / disk2/.Private is hung in the directory as ecryptfs

Bash sudo mount-t ecryptfs / disk2/.Private / disk2

Note: be sure to remember Passphrase, cipher and key bytes

Unmount the directory sudo umount / disk2 after unmounting the directory, the original files cannot be read, and the folder cannot be read or written properly until it is remounted correctly.

The deficiency of eCryptfs is the poor performance of write operation. The author tests the performance of eCryptfs with iozone and finds that the cost of read operation is not too high, which is reduced by 29% at most, while the performance of some small file test projects is better. For write operations, the results of all test projects are very poor, generally reduced by about 16 times. This is because only plaintext is stored in Page Cache, so the first data read requires decryption operation, and the subsequent read operation has no overhead. Each time you write x-byte data, it will involve ((x-1) / extent_size + 1) * extent_size byte encryption operation, so it is expensive.

There are two situations that may lead to information disclosure: a. When the system runs out of memory, the plaintext pages of encrypted files in Page Cache may be swapped to the swap area. The current solution is to encrypt the swap area with dm-crypt. b. It is also possible for an application to read an encrypted file and write some of its contents as temporary files to a directory where the eCryptfs is not mounted (such as directly to / tmp). The solution is to configure the application or modify its implementation.

The security of eCryptfs implementation depends entirely on the security of the operating system itself. If Linux Kernel is compromised, hackers can easily get the plaintext, FEK and other important information of the file.

This is the end of the content of "how to use the eCryptfs of Linux". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.