Channel: Bountied questions - Information Security Stack Exchange

Outdoor backup: gocryptfs --init --reverse: always same .diriv in 1st level directory


Intro

Trying to send encrypted backups of in-production filesystems, I was interested in the ability to use gocryptfs in reverse mode!

The idea is to

  • use gocryptfs --reverse from any existing (unencrypted) folder, for mounting an encrypted version of my folder.
  • then back up the encrypted folder using rsync, tar or any useful tool (tar 1st time, then rsync periodically).
  • On the remote backup server, I could use cp -al to duplicate (hardlink) the backup folder to a time-stamped folder (note: as the fs is encrypted on the remote, the time-stamped folder has to be created at the source and its encrypted name must be passed to the backup server in some way for this to become possible... I'm not yet totally clear about how I will do this. The method in my draft is working, but I'm not satisfied...)
  • Further rsync runs will modify the remote folder but won't change any time-stamped folder,
  • Finally, using sshfs to mount the remote backup (read-only) on my local machine, then
  • I could use gocryptfs (in the regular way) on the mounted sshfs to decrypt the backed-up folder (and its copies).

( Full draft script here: gocrypt-script.sh )

My doubt

Doing some tests around gocryptfs, I noticed that the gocryptfs.diriv file is always the same in the 1st directory level when initialised in reverse mode:

    $ gocryptfs -q -init -reverse test1 <<<'what a fucking strong pass phrase'
    $ gocryptfs -q -init -reverse test2 <<<"another long'n strong pass phrase"
    $ gocryptfs -q -init -reverse test3 <<<"shortPassword"
    $ gocryptfs -q -reverse test1 <<<'what a fucking strong pass phrase' crypt1
    $ gocryptfs -q -reverse test2 <<<"another long'n strong pass phrase" crypt2
    $ gocryptfs -q -reverse test3 <<<"shortPassword" crypt3
    $ sha1sum crypt?/gocryptfs.diriv
    2c9b6702d05d2de71816666387f6d4ea3c28c9cd crypt1/gocryptfs.diriv
    2c9b6702d05d2de71816666387f6d4ea3c28c9cd crypt2/gocryptfs.diriv
    2c9b6702d05d2de71816666387f6d4ea3c28c9cd crypt3/gocryptfs.diriv

But these files differ when initialized in the normal way:

    $ mkdir test{4,5,6}
    $ gocryptfs -q -init test4 <<<'what a fucking strong pass phrase'
    $ gocryptfs -q -init test5 <<<'what a fucking strong pass phrase'
    $ gocryptfs -q -init test6 <<<'what a fucking strong pass phrase'
    $ sha1sum test?/gocryptfs.diriv
    f38755738a0be70b6b103f6fdbdb05aaebb3ffe5 test4/gocryptfs.diriv
    e2e64788a6e2f0a4554bc56d9b17e55471766398 test5/gocryptfs.diriv
    206d278a405d3f826da842abdcdd37e475f9e02e test6/gocryptfs.diriv

After doing some more tests; gocrypt-test.sh

I could ensure each master key is clearly different! But I'm not sure about the meaning and implication of the gocryptfs.diriv file... I wonder if this could significantly reduce the work required for breaking the master key!?

Author answer

So I asked this as an issue at the git source server; the author told me:

Hi, yes, you are correct, the first level gocryptfs.diriv is always the same.

As seen in https://nuetzlich.net/gocryptfs/reverse_mode_crypto/#derived-ivs , it's computed as

sha256(path + \0 + DIRIV)

This is not a problem. The only important thing about gocryptfs.diriv (Dir IV = Directory Initialisation Vector) is that you use different values for different directories within one file system.

Not totally convinced by this, I would appreciate a more elaborate explanation.
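
The derivation quoted in the author's answer, as an added example that is not part of the original post and is not gocryptfs's own code. It assumes the first-level directory's path is the empty string and that the hash is truncated to 16 bytes; the sample tree is constructed. The path is the only input to the hash, so the first-level value does not depend on the password or master key, while distinct directories in one tree get distinct values.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// dirIVLen is an assumption: the SHA-256 output is truncated to a 16-byte IV.
const dirIVLen = 16

// deriveDirIV applies the formula quoted in the answer:
// sha256(path + \0 + DIRIV). The directory path is the only input;
// no password or master key is hashed.
func deriveDirIV(path string) string {
	sum := sha256.Sum256([]byte(path + "\x00" + "DIRIV"))
	return hex.EncodeToString(sum[:dirIVLen])
}

// duplicateIVs returns every directory whose IV repeats that of an earlier
// entry. An empty result is the property the answer calls important:
// different values for different directories within one file system.
func duplicateIVs(dirs []string) []string {
	seen := make(map[string]bool)
	var dups []string
	for _, d := range dirs {
		iv := deriveDirIV(d)
		if seen[iv] {
			dups = append(dups, d)
		}
		seen[iv] = true
	}
	return dups
}

func main() {
	// Constructed sample tree; "" stands for the first-level directory (assumption).
	tree := []string{"", "docs", "docs/2023", "photos"}
	for _, d := range tree {
		fmt.Printf("%-12q %s\n", d, deriveDirIV(d))
	}
	// The first-level IV is a constant of the scheme, which matches the three
	// identical sha1sum lines for crypt1..crypt3 in the question.
	fmt.Println("duplicates within tree:", duplicateIVs(tree))
}
```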

