惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Secure Thoughts
Recent Commits to openclaw:main
Recent Commits to openclaw:main
H
Heimdal Security Blog
SecWiki News
SecWiki News
H
Hacker News: Front Page
N
News | PayPal Newsroom
L
LINUX DO - 最新话题
N
News and Events Feed by Topic
TaoSecurity Blog
TaoSecurity Blog
AI
AI
C
Cybersecurity and Infrastructure Security Agency CISA
Scott Helme
Scott Helme
PCI Perspectives
PCI Perspectives
S
Securelist
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Cyberwarzone
Cyberwarzone
A
Arctic Wolf
Forbes - Security
Forbes - Security
T
Tor Project blog
Spread Privacy
Spread Privacy
WordPress大学
WordPress大学
I
Intezer
Martin Fowler
Martin Fowler
Help Net Security
Help Net Security
P
Proofpoint News Feed
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Cisco Talos Blog
Cisco Talos Blog
Latest news
Latest news
博客园 - 司徒正美
W
WeLiveSecurity
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
V
V2EX
P
Palo Alto Networks Blog
Google DeepMind News
Google DeepMind News
IT之家
IT之家
阮一峰的网络日志
阮一峰的网络日志
V
Vulnerabilities – Threatpost
Jina AI
Jina AI
S
Security Affairs
Hacker News - Newest:
Hacker News - Newest: "LLM"
Simon Willison's Weblog
Simon Willison's Weblog
Project Zero
Project Zero
T
Threatpost
P
Privacy International News Feed
人人都是产品经理
人人都是产品经理
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - Franky
Hugging Face - Blog
Hugging Face - Blog
Apple Machine Learning Research
Apple Machine Learning Research

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Beyond Encryption: Reducing Metadata Leakage with Fragmentation
Artem · 2026-06-22 · via DEV Community

TL;DR: This article is a design exploration rather than a cryptographic proposal. It examines whether splitting encrypted files into independently stored fragments can reduce metadata leakage and make encrypted storage harder to analyze. The approach adds complexity and does not strengthen encryption itself.

1. The one-file-one-object problem

When people talk about file encryption, they usually focus on protecting file contents. If an attacker obtains a disk or a backup, the documents remain unreadable without the encryption key.

However, encryption does not necessarily hide everything about the storage.

Many encrypted storage systems follow a simple model: one original file becomes one encrypted object. The contents are protected, but the overall structure often remains visible. An observer may still be able to see how many objects exist, their approximate sizes, when new objects appear, and which objects change over time.

None of this reveals the plaintext directly. Still, it can provide useful clues about how the storage is organized and how it evolves.

This type of information is commonly referred to as metadata leakage. The exact amount of exposed metadata depends on the storage system, but the general problem remains the same: encryption protects data, while some information about that data may still be observable.

This raises an interesting question.

If encryption hides the contents of files, can we also make the structure of encrypted storage harder to analyze?

2. Fragmenting encrypted files

One possible way to reduce metadata exposure is to stop treating each encrypted file as a single storage object.

The file is encrypted as usual, but the resulting ciphertext is then split into multiple fragments that are stored independently.

Instead of a storage system containing a collection of encrypted files, the storage now contains a collection of encrypted fragments. An observer can still see the objects themselves, but determining which fragments belong together becomes less straightforward.

At first glance, this appears to improve privacy. The data remains protected by encryption, while the storage structure becomes less obvious.

It is important to keep the goal of fragmentation in perspective, however.

Fragmentation does not strengthen encryption, make key recovery harder, or replace proper key management. The confidentiality of the data still depends entirely on the underlying cryptographic mechanisms.

Its purpose is much narrower: to reduce the amount of structural information that can be inferred from the storage itself.

The question, therefore, is not whether fragmentation can replace encryption. It cannot.

The real question is whether fragmentation can make an already encrypted storage system more difficult to analyze.

3. Fragmenting files into a fixed number of parts

The simplest fragmentation strategy is to always split a file into the same number of fragments. For example, every encrypted file could be divided into 8, 16, or 32 parts regardless of its size.

This removes the direct one-file-one-object relationship, but it introduces a different problem.

When the number of fragments is fixed, fragment size becomes directly linked to the size of the original file. Larger files produce larger fragments, while smaller files produce smaller ones.

For example, splitting an 80 MB file into eight parts produces fragments of roughly 10 MB each. The same approach applied to an 8 MB file produces fragments of about 1 MB.

As a result, size-related metadata does not disappear. It simply moves from the file level to the fragment level. Fragments belonging to the same file tend to have similar sizes, making them easier to group and analyze.

This creates an interesting tradeoff. The direct relationship between a file and a storage object is removed, but a new relationship emerges between the file and the size of its fragments.

For that reason, splitting files into a fixed number of parts is best viewed as a first step rather than a complete solution. It obscures the storage structure, but still leaves patterns that can be observed through fragment sizes.

4. Fragmenting files into fixed-size parts

The limitations of the previous approach suggest a natural alternative: instead of fixing the number of fragments, fix their size.

For example, all encrypted data could be split into 1 MB blocks. Most fragments would then have the same size regardless of the original file.

This avoids the direct relationship between file size and fragment size, but it introduces a different form of metadata leakage.

With fixed-size fragments, file size is reflected in the number of fragments produced. A 400 MB file generates roughly 400 objects, while a 40 KB file may still occupy a single fragment.

In other words, the storage no longer reveals information through fragment sizes, but it still reveals information through fragment counts.

This becomes particularly noticeable for small files. A file that fits entirely within a single block effectively falls back to the familiar one-file-one-object model.

There is also a practical tradeoff when choosing a block size. Small blocks improve fragmentation but can generate huge numbers of objects for large files. Large blocks reduce object counts but provide little benefit for smaller data.

Compared to splitting files into a fixed number of parts, this approach hides metadata more effectively. However, the relationship between file size and storage structure remains visible, just in a different form.

5. Adaptive fragmentation

The previous approaches share a common weakness: they apply the same rule to every file.

When the number of fragments is fixed, file size is reflected in fragment size. When fragment size is fixed, file size is reflected in fragment count.

A more flexible approach is to choose the fragment size from a predefined set.

KB = 1024
MB = 1024 * KB

FRAGMENT_SIZES = [
    1 * KB,
    2 * KB,
    4 * KB,
    8 * KB,
    16 * KB,
    32 * KB,
]

Instead of treating every file identically, the system selects a size that produces a reasonable number of fragments.

For example, the goal might be to keep most files within a range of roughly 8–32 fragments.

TARGET_MIN = 8
TARGET_MAX = 32

for fragment_size in FRAGMENT_SIZES:
    count = math.ceil(file_size / fragment_size)

    if TARGET_MIN <= count <= TARGET_MAX:
        return fragment_size

This avoids the extremes of the previous strategies. Large files no longer explode into thousands of fragments, while smaller files are less likely to remain represented by a single object.

An additional benefit is that many unrelated files end up using the same fragment sizes. The storage gradually fills with large numbers of similar-looking objects, making size-based analysis less reliable.

The choice of fragment sizes, however, introduces its own tradeoff.

A large number of size options allows more precise tuning but also creates more distinct size categories within the storage. Fewer size options reduce the amount of information available to an observer, but make fragmentation less adaptable.

In practice, a relatively coarse scale is often sufficient:

FRAGMENT_SIZES = [
    1 * KB,
    4 * KB,
    16 * KB,
    64 * KB,
    256 * KB,
    1 * MB,
    4 * MB,
    16 * MB,
]

Even with adaptive sizing, deterministic behavior can still reveal patterns. A file of a particular size will usually be fragmented in exactly the same way every time.

One way to reduce this predictability is to introduce a small amount of randomness.

Instead of selecting a single "best" size, the system can choose from several nearby candidates.

best_index = FRAGMENT_SIZES.index(best_size)

candidates = FRAGMENT_SIZES[
    max(0, best_index - 1):
    min(len(FRAGMENT_SIZES), best_index + 2)
]

fragment_size = random.choice(candidates)

For example, if 1 MB is considered optimal, the system might choose 512 KB, 1 MB, or 2 MB. All options remain reasonably close to the target fragmentation level, but the resulting storage layout becomes less predictable.

As a result, two files of the same size may be fragmented differently, and even uploading the same file twice can produce different fragment layouts.

The relationship between file size and storage structure does not disappear entirely. However, it becomes significantly less direct than in either of the fixed-rule approaches.

6. The reconstruction map

At this point, a practical question becomes unavoidable.

If a file has been split into dozens or even hundreds of encrypted fragments, how does the system know which fragments belong together?

The answer is that fragmentation requires an additional metadata structure that describes how files can be reconstructed. We can call it a reconstruction map.

In its simplest form, it might contain information such as:

file_id
original_name
original_size
fragment_ids[]
fragment_order[]
checksum/hash

The reconstruction map stores the relationships between files and fragments, allowing the system to locate the required objects and reassemble them in the correct order.

Without it, the fragments are simply a collection of unrelated encrypted objects.

This observation reveals an important property of fragmentation.

Fragmentation does not eliminate metadata. Instead, it relocates the most valuable metadata into a dedicated structure.

In fact, the reconstruction map contains much of the information that fragmentation attempts to hide from an external observer. It knows which fragments belong together, how many fragments exist, and how they should be reassembled.

For that reason, storing such information alongside the fragments in plaintext would defeat much of the purpose of fragmentation. In practice, the reconstruction map would need to be protected separately, whether as an encrypted database, an encrypted manifest, or a dedicated secrets store.

This leads to an important conclusion.

The structure of the storage never truly disappears. Fragmentation merely makes that structure less visible and concentrates the knowledge required to reconstruct it into a separate component that must be protected just as carefully as the data itself.

7. Correlating fragments by creation time

Even if fragments contain no identifying information and are assigned completely random identifiers, one source of metadata still remains: time.

When a file is written to storage, all of its fragments are typically created within a very short period. As a result, they often share similar timestamps and appear in the filesystem as part of the same operation.

For an observer, this can become another useful signal. A group of objects created at nearly the same moment is likely to be related, even if their contents and identifiers reveal nothing.

The issue extends beyond timestamps themselves. Most filesystems maintain additional metadata associated with each object. For example, ext4, XFS, and UFS store information such as creation times, modification times, sizes, and filesystem-specific records.

None of this metadata directly reveals which fragments belong together. However, it can provide enough clues to support correlation and analysis.

One possible way to weaken these signals is to periodically recreate some existing fragments.

Instead of leaving fragments untouched after their initial creation, the system can occasionally select a subset of them, generate new identifiers, and write replacement objects containing the same encrypted data.

The contents remain unchanged, but the associated filesystem metadata is refreshed.

Over time, this makes creation timestamps less reliable as an indicator of when data originally entered the system. Fragments that were once created together gradually become harder to distinguish from fragments produced by unrelated operations.

This does not eliminate time-based metadata, but it can make temporal analysis significantly less useful.

8. The reshuffling algorithm

Once fragments begin to be recreated over time, the next question becomes obvious: how many should be reshuffled during each operation?

Recreating every fragment would be the most effective way to break temporal relationships, but it would also be prohibitively expensive. Even a minor change could trigger a rewrite of the entire storage.

At the opposite extreme is doing nothing at all, leaving timestamp-based correlations intact.

A practical solution lies somewhere in between.

One approach is to let the amount of reshuffling grow much more slowly than the storage itself. For example:

shuffle_count = ceil(log2(total_fragments + 1))

This produces roughly the following behavior:

100 fragments      → 7 recreations
1,000 fragments    → 10 recreations
10,000 fragments   → 14 recreations
100,000 fragments  → 17 recreations

In practice, minimum and maximum limits are usually desirable:

shuffle_count = min(
    MAX_SHUFFLE,
    max(
        MIN_SHUFFLE,
        math.ceil(math.log2(total_fragments + 1))
    )
)

With this approach, temporal relationships gradually become less reliable without forcing the system to constantly rewrite large portions of the storage.

The goal is not to erase the history of the data completely. It is simply to make that history less obvious and less useful for analysis.

9. The cost of fragmentation

By this point, fragmentation may seem like an attractive way to reduce metadata exposure. However, these benefits come at a cost.

The most obvious consequence is the growing number of storage objects. In a traditional system, one file usually corresponds to one object. With fragmentation, the same file may be represented by dozens or even hundreds of fragments.

This increases the amount of filesystem metadata, the number of objects that must be tracked, and the overall complexity of storage operations.

The reconstruction map introduces additional overhead as well. Every fragmented file requires metadata describing which fragments belong together and how they should be reassembled. As the number of fragments grows, so does the amount of information needed to manage them.

File operations also become more expensive.

Reading a file requires locating all relevant fragments and reconstructing them in the correct order. Writing a file requires encryption, fragmentation, metadata updates, and, potentially, reshuffling of existing fragments.

Storage scalability becomes another consideration.

If files are fragmented aggressively, object counts can increase much faster than the amount of stored data. A storage system containing 100,000 files may easily end up managing millions of fragments.

Modern filesystems can handle such workloads, but large object counts can affect indexing, backup operations, directory traversal, and general maintenance tasks. In filesystems such as ext4, every object also requires its own inode, making metadata consumption a practical concern rather than a purely theoretical one.

Perhaps the most significant cost, however, is architectural complexity.

A fragmented storage system requires reconstruction maps, fragment management, reassembly logic, reshuffling mechanisms, consistency guarantees, and recovery procedures. Over time, it begins to resemble a second filesystem built on top of the existing one.

For that reason, fragmentation is difficult to describe as a free security improvement.

It can reduce the amount of metadata available to an observer, but it achieves this by introducing additional overhead, greater implementation complexity, and new operational challenges.

Conclusion

Encryption protects the contents of data. Fragmentation can make the structure of that data more difficult to analyze.

By breaking the direct relationship between files and storage objects, a fragmented storage system can reduce some forms of metadata leakage and make storage layouts less transparent to an observer.

At the same time, fragmentation does not strengthen encryption and does not eliminate metadata entirely. Much of the structural information is simply moved into a reconstruction mechanism that must be protected separately.

The approach also introduces significant costs. More objects must be managed, additional metadata must be maintained, and the overall architecture becomes considerably more complex.

As a result, fragmentation is best viewed as a complementary technique rather than a replacement for encryption. It addresses a different problem: not protecting the contents of data, but reducing the amount of information that can be inferred from the structure of the storage itself.