Comment 36 for bug 344878

Tyler Hicks (tyhicks) wrote : Re: [Bug 344878] Re: file name to long when creating new file (ecryptfs_lookup: lookup_one_len() returned [-36] on lower_dentry)

On 07/28/2010 09:44 AM, Tim Gardner wrote:
> ... how about... if the encrypted file name is too long then
> just use the unencrypted name on the lower file system ?

Dustin has suggested this before and while it would make our lives as
developers easier, I don't like it from a security standpoint. You
either want a security feature or you don't. If a user turns this on to
make some application work in their encrypted home, now they have to
make sure they don't create a meaningful file name that is 144 chars or
longer.

I would much prefer a mount option to load a file name key encryption
key to decrypt old file names, but not encrypt any new file names. The
decision to encrypt or not is much more predictable.