
Re: Allow encfs into jessie?



Hello,
* Matthias Urlichs [Mon, Sep 29 2014, 07:29:44AM]:

> > >  According to a security audit by Taylor Hornby (Defuse Security), the current
> > >  implementation of Encfs is vulnerable or potentially vulnerable to multiple
> > >  attacks on the encrypted data. This especially affects use cases where the
> > >  attacker has read/write access to the encrypted directory or has enough
> > >  knowledge of the unencrypted file system contents.
> > >  .
> s/especially/only/, AFAIK.

Maybe, but: "only" could sound like absolution to clueless users and I
am not willing to make such suggestions.

> > >  In the current situation encfs should not be considered a safe home for
> > >  sensible data. This package should be only used to retrieve information from
> 
> s/sensible/sensitive/

Ouch, thank you.

> > >  previously encrypted sources, and even this action contains some risk of
> > >  receiving compromised data.
> > 
> To recap the security analysis, as I understood it: There's a problem if
> somebody has, or had, access to the encrypted files _and_ can store random
> data of their choosing there (by manipulating either the encrypted or the
> unencrypted files). The notice should unequivocally state exactly that,
> instead of the current level of (IMHO) panic mongering.
> 
> In most scenarios (encrypt some personal or corporate data stored on NFS,
> use reverse mode to store an encrypted backup of sensitive stuff to the
> cloud, whatever) this is a non-problem.

I agree regarding most scenarios and I changed the text now. However,
it's hard to keep the text understandable for the average user and mention
all relevant dangers without going too much into details.

So, I suggest this new version. Added below for review; I consider
uploading this to Experimental and submitting for l10n in a couple of
days.

Regards,
Eduard.

Template: encfs/security-information
Type: error
_Description: Encfs security information
 According to a security audit by Taylor Hornby (Defuse Security), the current
 implementation of Encfs is vulnerable or potentially vulnerable to multiple
 types of attacks. For example, an attacker with read/write access to encrypted
 data might lower the decryption complexity for subsequently encrypted data
 without being noticed by the legitimate user, or may compute encryption
 information by timing analysis.
 .
 Until these issues are resolved, encfs should not be considered a safe home
 for sensitive data in certain scenarios.
