[OpenAFS] data encryption

Derek Atkins warlord@MIT.EDU
04 Jan 2001 12:39:30 -0500


Did it require changes to the server or just the client?  I'd
certainly be interested in this patch (as would a bunch of others, I'm
sure) if you could find it.


Jim Rees <rees@umich.edu> writes:

> We have been using full data encryption in our Transarc afs cell for about a
> year now.  Before that, cpu load on the server was a problem, but upgrading
> from a Sparc IPC to a Sparcstation (something) solved that.
> The Transarc code requires a couple of small patches to make this work.  The
> code is all there but "fs" needs to be able to turn encryption on and off,
> and the encryption flag needs to get carried down to the proper place.  I
> haven't looked at that part of the OpenAFS code but it shouldn't be hard.
> The fcrypt altgorithm is better than nothing but less than ideal.
> NFS v4 uses gss for authentication and encryption.  I suspect that's
> overkill for afs, but it has some nice features.  For example, the OpenBSD
> client will eventually use the OpenBSD kernel crypt library, and that means
> a choice of algorithms, as well as hardware acceleration where it's
> available.
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo.cgi/openafs-info

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available