
Re: Allow encfs into jessie?



Hi,

Michael Halcrow:
> > Finally, encfs has an interesting reverse crypto mode where it
> > presents an encrypted FUSE view over a plaintext mountpoint.
> 
> With eCryptfs, you would accomplish this by unmounting and then
> reading the encrypted files directly from the lower file system.
> 
This is not a replacement for encfs' Reverse Mode. Rev mode means that
there _is_ no encrypted "lower file system".

Reverse Mode means that you translate an unencrypted directory tree to an
encrypted one, instead of vice versa.

This is very useful for creating backups of critical data (which I cannot
store on an encrypted FS, as that would be much too slow) to 'unsafe'
remote media.

> The incidentally lost or misplaced laptop is just about the only
> adversarial model that the currently available data-at-rest encryption
> options available for Linux can effectively address.
> 
… or USB stick.

> Do not expect any currently available encryption solutions to help you
> much if you are individually targeted.
> 
You need non-encrypted data to actually work with them.
Thus an encrypted file system cannot and will not help make anything
more secure if the FS in question is mounted anyway.

That's pretty much a truism.

In any case, yes, encfs is not 100% safe, but frankly it's still much better
than not encrypting data at all (esp. if the data to be stored is not
controlled by an adversary) – and there currently is no better solution
for a couple of important use cases. Thus, please bring it back.

-- 
-- Matthias Urlichs

