diff --git a/README.md b/README.md index d372af0c..910c8204 100644 --- a/README.md +++ b/README.md @@ -214,13 +214,13 @@ Feel free to fork it, change and use it in any way that you want. If you build s - Phantom reads: reading older content from a file, this is not possible. While writing, data is kept in a buffer and tmp file and on flushing that buffer we write the new content to the file (as per above the tmp file is moved into place with `mv`). After that we reset all opened readers so any reads after that will pickup the new content\ One problem that may occur is if we do a truncate we change the content of the file but the process is killed before we write the metadata with the new filesize. In this case next time we mount the system we are still using the old filesize but the content of the file could be bigger and we read until the old size offset. If content is smaller the read would stop and end-of-file of the actual content so this would not be such a big issue - What kind of metadata does it leak: close to none. The filename, actual file size and other file attrs (times, permissions, other flags) are kept encrypted. What it could possible leak is the following - - If a directory has children we keep those children in a directory with name as inode numiber with encrypted names of children as files in it. So we could see how many children a directory has, but we can't identify that actual directory name, we can just see it's inode number (internal representation like an id for each file) and we cannot see the actual filenames or directory or children + - If a directory has children we keep those children in a directory with name as inode numiber with encrypted names of children as files in it. So we could see how many children a directory has, but we can't identify that actual directory name, we can just see it's inode number (internal representation like an id for each file) and we cannot see the actual filenames of directory or children. Also we cannot identify which file content correspond to a directory child - Each file content is saved in a separate file so we could see the size of the encrypted content, but not the actual filesize - We can also see the last time the file was accessed - It's always recommended to use encrypted disks for at least your sensitive data, this project is not a replacement for that - In order to reduce the risk of encryption key to be exposed from memory it's recommended to disable mem dumps on the OS level. Please see [here](https://www.cyberciti.biz/faq/disable-core-dumps-in-linux-with-systemd-sysctl/) how to do it on Linux - Cold boot attacks: in order to reduce the risk of this we keep the encryption key in memory just as long as we really need it to encrypt/decrypt data and we are zeroing it after that. We also remove it from memory after a period of inactivity -- Please note that this project is not audited by any security expert. It's built with security in mind and tries to follow all the best practices, but it's not guaranteed to be secure. If you plan to use it for sensitive data, please consider auditing it or using a well-known solution +- Please note that this project is not audited by any security expert. It's built with security in mind and tries to follow all the best practices, but it's not guaranteed to be secure - **Also please backup your data, the project is still in development and there might be bugs that can lead to data loss** # Considerations