[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Allow encfs into jessie?

Hi Holger,

On Thu, Sep 11, 2014 at 06:42:32PM +0200, Holger Levsen wrote:
> I (probably too briefly) skimmed though the bug report, but couldn't find a 
> usecase where an encrypted filestem container with broken crypto could be 
> useful. Could you elaborate, please?

As far as I understand the EncFS Security Audit, encfs is not using
'broken crypto'. The conclusion of the audit states it quite clearly:

"EncFS is probably safe as long as the adversary only gets one copy of
the ciphertext and nothing more. EncFS is not safe if the adversary
has the opportunity to see two or more snapshots of the ciphertext at
different times. EncFS attempts to protect files from malicious
modification, but there are serious problems with this feature."
(from https://defuse.ca/audits/encfs.htm)

A common use case for disk encryption is to protect a lost or stolen
laptop. And the adversary is not some powerful agency, but a curious
person browsing through the hard disk before formatting it.

I see no reason to assume that encfs is not good enough for that use
case, at the moment.

Of course, the crypto should be improved ASAP, as attacks to crypto
only get better.

Regards,
Jan
Reply to: