Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S263274AbUDMQ5L (ORCPT ); Tue, 13 Apr 2004 12:57:11 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S263598AbUDMQ5L (ORCPT ); Tue, 13 Apr 2004 12:57:11 -0400 Received: from kinesis.swishmail.com ([209.10.110.86]:52744 "EHLO kinesis.swishmail.com") by vger.kernel.org with ESMTP id S263274AbUDMQ47 (ORCPT ); Tue, 13 Apr 2004 12:56:59 -0400 Message-ID: <407C1BEC.30801@techsource.com> Date: Tue, 13 Apr 2004 12:57:16 -0400 From: Timothy Miller MIME-Version: 1.0 To: Guillaume@Lacote.name CC: linux-kernel@vger.kernel.org, Linux@glacote.com Subject: Re: Using compression before encryption in device-mapper References: <200404131744.40098.Guillaume@Lacote.name> In-Reply-To: <200404131744.40098.Guillaume@Lacote.name> Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1577 Lines: 35 Guillaume Lac?te wrote: > Hi, > > I hope this is the right place to post this message; I tried to keep it small. > Basically I really would like to implement compression at the dm level, > despite all of the problems. The reason for this is that reducing redundancy > through compression tremendously reduces the possibilities of success for an > attacker. I had implemented this idea in a java archiver ( > http://jsam.sourceforge.net ). > > Although I am not a good kernel hacker, I have spent some time reading > compressed-loop.c, loop-aes, dm-crypt.c, and various threads from lkml > including http://www.uwsg.iu.edu/hypermail/linux/kernel/0402.2/0035.html > Thus I would appreciate if you could answer the following questions regarding > the implementation of a "dm-compress" dm personality. > [snip] I have a suggestion. If you're compressing only for the sake of obfuscation, then don't really try to save any space. Use a fast compression algorithm which doesn't necessarily do a great job. When you're going to write, compress the block. If it gets smaller, fine. Store it in the same space it would have required even if it were uncompressed. If the block gets bigger, then store it uncompressed. Whether or not the block could be compressed would be stored in metadata (in the inode, I guess). - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/