Gocryptfs: Why use AES-256-EME to encrypt file names?

Created on 28 Apr 2017 · 2 Comments · Source: rfjakob/gocryptfs

It's error-prone to create your own crypto implementation (https://github.com/rfjakob/eme). Not easy to get it right. And it looks like AES-EME is not authenticated encryption.

AES-GCM is being used to encrypt file contents. Why not use AES-GCM to encrypt file names as well?

question

All 2 comments

Good question! File name encryption is a little bit special because it needs to be deterministic. AES-GCM needs a random nonce, which means that a file name like example.txt has a virtually infinite number of encrypted representations. This makes checking for duplicates and even opening an existing file inefficient. You'd basically have to read the whole directory and decrypt everything all the time.

I'm gonna close this. Feel free to reopen if you have other questions!
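
The lookup cost described in the answer above, as an added example (not code from gocryptfs or from this thread): with random-nonce AES-GCM the same name encrypts differently each time, so finding a file means decrypting directory entries one by one, while a deterministic transform lets the on-disk name be computed directly. The all-zero key, the function names and the HMAC-SHA256 stand-in for EME are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

var key = make([]byte, 32) // constructed all-zero demo key, illustration only
var block, _ = aes.NewCipher(key)
var gcm, _ = cipher.NewGCM(block)

// gcmName encrypts name under a fresh random nonce: nonce || ciphertext || tag.
func gcmName(name string) string {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return base64.RawURLEncoding.EncodeToString(gcm.Seal(nonce, nonce, []byte(name), nil))
}

// gcmLookup decrypts entries (assumed to come from gcmName) until one matches.
func gcmLookup(dir []string, name string) (idx, decrypts int) {
	for i, entry := range dir {
		raw, _ := base64.RawURLEncoding.DecodeString(entry)
		pt, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
		if err == nil && string(pt) == name {
			return i, i + 1
		}
	}
	return -1, len(dir)
}

// detName is a deterministic stand-in (HMAC-SHA256): NOT EME and not reversible.
func detName(name string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(name))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

func main() {
	dir := []string{gcmName("a.txt"), gcmName("example.txt")}
	fmt.Println(gcmLookup(dir, "example.txt"))
	fmt.Println(detName("example.txt") == detName("example.txt"))
}
```

A real file system also has to decrypt names when listing a directory, which is why gocryptfs uses a reversible deterministic cipher rather than a keyed hash like the stand-in here.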
