update

2011-04-03 15:51:24 -04:00 · 2011-04-03 15:51:24 -04:00 · 261b1e6310
commit 261b1e6310
parent 0d1f202334
1 changed files with 5 additions and 2 deletions
--- a/doc/design/encryption.mdwn
+++ b/doc/design/encryption.mdwn
@ -102,7 +102,10 @@ could have already decrypted the cipher and stored a copy.

 If git-annex stores the decrypted symmetric cipher in memory, then there
 is a risk that it could be intercepted from there by an attacker. Gpg
-amelorates these type of risks by using locked memory.
+amelorates these type of risks by using locked memory. For git-annex, note
+that an attacker with local machine access can tell at least all the
+filenames and metadata of files stored in the encrypted remote anyway,
+and can access whatever content is stored locally.

 This design does not support obfuscating the size of files by chunking
 them, as that would have added a lot of complexity, for dubious benefits.