[OpenAFS] fs setcrypt benchmarks?

Phil.Moore@morganstanley.com
Wed, 4 Jun 2003 10:56:14 -0400


>>>>> "Jim" == Jim Rees <rees@umich.edu> writes:

Jim> Using fcrypt adds a great deal of security.  It's one of the best
Jim> things you can do.

Jim> Without fcrypt, any passive snooper can read your files.  With
Jim> it, today, a determined adversary might be able to read your
Jim> files, but is more likely to abandon snooping in favor of social
Jim> engineering, insider theft of tokens or other local machine
Jim> attacks, dictionary attacks on your password, etc.  Any security
Jim> feature that makes your adversary abandon an entire attack method
Jim> (snooping) is well worth doing.

Jim> The talk about fcrypt weakness mostly has to do with key size.
Jim> Nothing really needs to be done about this today unless you are
Jim> someone like Phil Moore, who uses afs to store large sums of
Jim> money (presumably).  He won't talk about it but I'll bet he's
Jim> using an extra layer of application encryption any place he's
Jim> really concerned about (so do I).

Yeah, well, I really *can't* talk about it in as much detail as I
would like, but our primary use of AFS is for deploying applications
in replicated volumes.  Although we do have sensitive information in
the read/write areas of AFS, we have closed networks; snooping, while
not entirely impossible, is not considered a primary threat to our
environment.

Auditing the security of our applications is an ongoing nightmare (as it
is with any huge enterprise like ours), and it's an area that is still
maturing.