Re: [RFR] po-debconf://apt-cacher-ng (new template)
Eduard Bloch wrote:
[...]
> #: ../encfs.templates:1001
> msgid ""
> "According to a security audit by Taylor Hornby (Defuse Security), the "
> "current implementation of Encfs is vulnerable or potentially vulnerable to "
> "multiple types of attacks. For example, an attacker with read/write access "
> "to encrypted data might lower the decryption complexity for subsequently "
> "encrypted data without being noticed by the legimitate user, or may compute "
> "encryption information by timing analysis."
> msgstr ""
Typo: s/legimitate/legitimate/
And I'm not keen on the phrasing of the last part; maybe
"encrypted data without this being noticed by a legitimate user, or might
"use timing analysis to deduce information."
(I gather the information is about MACs, but maybe explaining that
would take longer than it's worth.)
>
> #. Type: error
> #. Description
> #: ../encfs.templates:1001
> msgid ""
> "Until these issues are resolved, encfs should not be considered a safe home "
> "for sensitive data in certain scenarios."
> msgstr ""
If you mean the scenarios implied above where an attacker has
read/write access or can monitor encryption times then it should
probably refer back to them:
"Until these issues are resolved, encfs should not be considered a safe home "
"for sensitive data in scenarios where such attacks are possible."
There should probably also be a link to further information, or is
that going in a NEWS file?
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
Reply to: