Talk:Filesystem-level encryption

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computing: Software High‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles High This article has been rated as High-importance on the project's importance scale. This article is supported by WikiProject Software (assessed as High-importance). This article is supported by WikiProject Computer Security (assessed as High-importance). Things you can help WikiProject Computer Security with: edit history watch purge Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Cryptography: Computer science High‑importance This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles High This article has been rated as High-importance on the importance scale. This article is supported by WikiProject Computer science (assessed as High-importance).

Template for filesystems redirect here in "transparent encryption", however transparent encryption is both a per-file encryption (like EFS) and a per-volume encryption (like DR-DOS or Cryptoloop), that transparently encrypts and decrypts file/volume contents without the user or the programs knowing about that process.

I think that this article should be enhanced and renamed.

—Claunia 12:37, 30 October 2006 (UTC)[reply]

Or better yet, enhance this Common filesystem features article.

—Claunia 12:49, 30 October 2006 (UTC)[reply]

In the context of filesystems, it doesn't make any sense to talk about transparent block device-level encryption (disk encryption) - as any filesystem supports this method as long as the operating system has a means for disk encryption. I think the link caption in the filesystem infobox template should be changed instead to make it more clear. And I don't see a need for rename, either - there already are articles on full disk encryption and disk encryption which cover the disk-level encryption part. In my opinion, separating these is a good thing, as they are conceptually very different - although a generic article comparing the two would be nice to have, too. As for enhancing, name one article on Wikipedia that shouldn't be enhanced? ;) -- intgr 22:16, 30 October 2006 (UTC)[reply]

Wikipedia appears to have a de facto standard of spelling out "file system" as separate words instead of "filesystem"; however, I don't think the title of this article (or any links) should follow that, as the phrase "file system-level encryption" could be interpreted as "system-level file encryption" which is not quite right – file system is a precise technical term. Opinions? -- intgr 03:29, 16 December 2006 (UTC)[reply]

Seems like a pragmatic solution. Open4D (talk) 07:10, 29 November 2013 (UTC)[reply]

"Given the coarsely stated differentiation between "filesystem-level encryption" and "cryptographic file systems," it should be clear to all but the novice that the former does not in any way implement automatic encryption, which—one imagines—is what the user would expect. Nor is a file kept encrypted automatically and updated, fully encrypted, in place: indeed, one must bodily decrypt, modify, and encrypt in order to make the least change. Anyone can use a third-party utility to encrypt this file or that folder on demand, so packaging that capability within the file browser and terming it "filesystem-level encryption" is, at best, deceptive. The differentiation indicated heretofore, that is, whether metadata is or is not encrypted, merely obfuscates the issue. Windows, in fact, does not provide any capability resembling automatic encryption: to this extent, at least, the oft-ballyhooed "filesystem-level encryption" is merely a minor convenience that frees the user from having to install a third-party encryption application."

[User:Intgr] responded with "(revert POV/weasel blurb; no source cited for claiming that general-purpose FSes don't do in-place updates; Windows does provide 'automatic' encryption with folder attributes)."

We may be splitting hairs here, but let's clarify: Windows implements what I'd call "conditional filesystem-level encryption". The encryption by EFS is entirely automated, not requiring any user intervention once it's initially configured, and it is transparent to all applications except those that explicitly implement the Backup APIs. That said, it's conditional in that the EFS component driver will encrypt files only if it detects that either (a) the folder has the Encrypted attribute enabled, or (b) the user application (e.g. Windows Explorer, CIPHER.EXE) has passed an explicit flag to request that the file be created encrypted. Once a file is encrypted, it is kept encrypted automatically and updated, fully encrypted, in place (unless the user explicitly requests that the file be decrypted).

Question to the original poster (69.140.68.72): to what other mistakenly-labelled "filesystem-level encryption" application are you referring? —Preceding unsigned comment added by ParanoidMike (talk • contribs) 22:07, August 27, 2007 (UTC)

Maybe the problem with "differentiation between filesystem-level encryption and cryptographic file systems" would be mitigated by my suggestions at Talk:Disk encryption#File & disk encryption article restructuring. Part of my suggestion is that this Filesystem-level encryption article would become just a redirect. Open4D (talk) 07:16, 29 November 2013 (UTC)[reply]