Hallo, * Matthias Urlichs [Mon, Sep 29 2014, 07:29:44AM]: > > > According to a security audit by Taylor Hornby (Defuse Security), the current > > > implementation of Encfs is vulnerable or potentially vulnerable to multiple > > > attacks on the encrypted data. This especially affects use cases where the > > > attacker has read/write access to the encrypted directory or has enough > > > knowledge of the unencrypted file system contents. > > > . > s/especially/only/, AFAIK. Maybe, but: "only" could sound like absolution to clueless users and I am not willing to make such suggestions. > > > In the current situation encfs should not be considered a safe home for > > > sensible data. This package should be only used to retrieve information from > > s/sensible/sensitive/ Ouch, thank you. > > > previously encrypted sources, and even this action contains some risk of > > > receiving compromised data. > > > To recap the security analysis, as I understood it: There's a problem if > somebody has, or had, access to the encrypted files _and_ can store random > data of their choosing there (by manipulating either the encrypted or the > unencrypted files). The notice should unequivocally state exactly that, > instead of the current level of (IMHO) panic mongering. > > In most scenarios (encrypt some personal or corporate data stored on NFS, > use reverse mode to store an encrypted backup of sensitive stuff to the > cloud, whatever) this is a non-problem. I agree regarding most scenarios and I changed the text now. However, it's hard to keep the text understandable for average user and mention all relevant dangers without goind too much into details. So, I suggest this new version. Added below for review; I consider uploading this to Experimental and submitting for l10n in a couple of days. Regards, Eduard. Template: encfs/security-information Type: error _Description: Encfs security information According to a security audit by Taylor Hornby (Defuse Security), the current implementation of Encfs is vulnerable or potentially vulnerable to multiple types of attacks. For example, an attacker with read/write access to encrypted data might lower the decryption complexity for subsequently encrypted data without being noticed by the legimitate user, or may compute encryption information by timing analysis. . Until these issues are resolved, encfs should not be considered a safe home for sensitive data in certain scenarios.
Attachment:
signature.asc
Description: Digital signature