Threat model Dragon: https://nuetzlich.net/gocryptfs/threat_model/#gocryptfs-audit
In gocryptfs, each directory gets a gocryptfs.diriv file on directory creation. This file contains the random DirIV for file name encryption for this directory. It makes sure identical file names generate different ciphertext in each directory.
However, when a directory is created, Dragon can immediately replace the gocryptfs.diriv file with a copy from another directory. When the DirIV is identical, identical file names generate identical ciphertext, so Dragon can see whether a file name exists in both directories.
There is a technical solution to this problem.
[ Directory path ]
|
V
[ gocryptfs.diriv ] <--> [ two-way encryption ] <--> [ DIRIV ]
This prevents the adversary from choosing your DIRIV and the problems that causes.
The novelty here is that you can still do directory moves without recalculating all file contents.
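As an added illustration (not gocryptfs code), the following Python models both the DirIV-copy problem and the path-bound two-way mapping from the diagram above. The `bind_diriv` function (XOR with a keyed hash of the directory path, its own inverse) and the keyed-hash stand-in for EME filename encryption are assumptions made for the demo, as is the fixed key.

```python
import hmac
import hashlib

KEY = b"\x01" * 32  # constructed demo key, not a real gocryptfs master key

def bind_diriv(stored: bytes, dir_path: str) -> bytes:
    """Two-way mapping between the on-disk gocryptfs.diriv bytes and the
    effective DIRIV, keyed by the directory path. Hypothetical stand-in for
    the 'two-way encryption' box: XOR with a keyed mask, so applying it
    twice with the same path returns the original bytes."""
    mask = hmac.new(KEY, dir_path.encode(), hashlib.sha256).digest()[:16]
    return bytes(a ^ b for a, b in zip(stored, mask))

def encrypt_name(diriv: bytes, name: str) -> str:
    """Deterministic filename encryption keyed by the DIRIV. gocryptfs uses
    EME with the DirIV as tweak; a keyed hash models only the property that
    same DIRIV + same name -> same ciphertext."""
    return hmac.new(KEY, diriv + name.encode(), hashlib.sha256).hexdigest()[:32]

def unbound_scenario() -> bool:
    """Current design: the stored DirIV is used directly. Dragon copies
    directory A's gocryptfs.diriv into B, so the ciphertexts collide."""
    diriv_a = b"\xaa" * 16          # constructed DirIV of directory A
    diriv_b = diriv_a               # B's file replaced with a copy of A's
    return encrypt_name(diriv_a, "secret.txt") == encrypt_name(diriv_b, "secret.txt")

def bound_scenario() -> bool:
    """Path-bound design: the same copied bytes yield a different effective
    DIRIV under B's path, so the ciphertexts no longer collide."""
    stored = b"\xaa" * 16           # same on-disk bytes in both directories
    eff_a = bind_diriv(stored, "/a")
    eff_b = bind_diriv(stored, "/b")
    return encrypt_name(eff_a, "secret.txt") == encrypt_name(eff_b, "secret.txt")

def move_directory(stored: bytes, old_path: str, new_path: str) -> bytes:
    """On a directory move only gocryptfs.diriv is rewritten: recover the
    effective DIRIV under the old path and re-bind it to the new path."""
    return bind_diriv(bind_diriv(stored, old_path), new_path)

def move_keeps_names() -> bool:
    """The effective DIRIV survives the move, so existing encrypted file
    names stay valid without touching any file contents."""
    stored = b"\x5c" * 16
    eff_before = bind_diriv(stored, "/docs")
    stored_after = move_directory(stored, "/docs", "/archive/docs")
    eff_after = bind_diriv(stored_after, "/archive/docs")
    return (stored_after != stored and eff_before == eff_after
            and encrypt_name(eff_before, "x") == encrypt_name(eff_after, "x"))
```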