diff options
| author |  Joey Hess <joey@kitenet.net> | 2011-04-03 15:51:24 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2011-04-03 15:51:24 -0400 |
| commit | 261b1e6310885fcad3b50c8cd7240ccdc5ed54a9 (patch) | |
| tree | 9d213eb14b92c7abf971fba36c2c3f81b4b8d37a /doc/design | |
| parent | 0d1f2023340dd30e81bc003144a37e0fe03c333b (diff) | |
update
Diffstat (limited to 'doc/design')
| -rw-r--r-- | doc/design/encryption.mdwn | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/doc/design/encryption.mdwn b/doc/design/encryption.mdwn index 72a7ad286..0242aabeb 100644 --- a/doc/design/encryption.mdwn +++ b/doc/design/encryption.mdwn @@ -102,8 +102,11 @@ could have already decrypted the cipher and stored a copy. If git-annex stores the decrypted symmetric cipher in memory, then there is a risk that it could be intercepted from there by an attacker. Gpg -amelorates these type of risks by using locked memory. - +amelorates these type of risks by using locked memory. For git-annex, note +that an attacker with local machine access can tell at least all the +filenames and metadata of files stored in the encrypted remote anyway, +and can access whatever content is stored locally. + This design does not support obfuscating the size of files by chunking them, as that would have added a lot of complexity, for dubious benefits. If the untrusted party running the encrypted remote wants to know file sizes, |