🆕 Software Suggestion | EncFs #1620

New Issue

2019-12-26T00:29:38Z

haluzpav commented

2019-12-26 00:29:38 +00:00

(Migrated from github.com)

Basic Information

Name: EncFs
Category: Encryption Tools
URL: https://vgough.github.io/encfs/

Description

Per-file encryption, useful for cloud. Similar to Cryptomator, which you already include.

I understand you must have given EncFs a thought before but I couldn't find any discussion about it. It's not as shiny as Cryptomator, but EncFs is older and IMHO more established (e.g. it is included in Linux repos).

I think it deserves public reason for rejection. Is it only because of lower user-friendliness and similarity to Cryptomator, or does is also have other issues?

## Basic Information **Name:** EncFs **Category:** Encryption Tools **URL:** https://vgough.github.io/encfs/ ## Description Per-file encryption, useful for cloud. Similar to Cryptomator, which you already include. I understand you must have given EncFs a thought before but I couldn't find any discussion about it. It's not as shiny as Cryptomator, but EncFs is older and IMHO more established (e.g. it is included in Linux repos). I think it deserves public reason for rejection. Is it only because of lower user-friendliness and similarity to Cryptomator, or does is also have other issues?

Mikaela commented

2020-02-05 21:44:48 +00:00

(Migrated from github.com)

I was upgrading one Ubuntu to 20.04 and got this prompt earlier today:

 ┌────────────────────────┤ encfs:n asetusten säätö ├────────────────────────┐  
 │                                                                           │  
 │ Encfs security information                                                │  
 │                                                                           │  
 │ According to a security audit by Taylor Hornby (Defuse Security), the     │  
 │ current implementation of Encfs is vulnerable or potentially vulnerable   │  
 │ to multiple types of attacks. For example, an attacker with read/write    │  
 │ access to encrypted data might lower the decryption complexity for        │  
 │ subsequently encrypted data without this being noticed by a legitimate    │  
 │ user, or might use timing analysis to deduce information.                 │  
 │                                                                           │  
 │ Until these issues are resolved, encfs should not be considered a safe    │  
 │ home for sensitive data in scenarios where such attacks are possible.     │  
 │                                                                           │  
 │                                  <OK>                                     │  
 │                                                                           │  
 └───────────────────────────────────────────────────────────────────────────┘

Probably needs more research and putting a warning if we start listing it.

I was upgrading one Ubuntu to 20.04 and got this prompt earlier today: ``` ┌────────────────────────┤ encfs:n asetusten säätö ├────────────────────────┐ │ │ │ Encfs security information │ │ │ │ According to a security audit by Taylor Hornby (Defuse Security), the │ │ current implementation of Encfs is vulnerable or potentially vulnerable │ │ to multiple types of attacks. For example, an attacker with read/write │ │ access to encrypted data might lower the decryption complexity for │ │ subsequently encrypted data without this being noticed by a legitimate │ │ user, or might use timing analysis to deduce information. │ │ │ │ Until these issues are resolved, encfs should not be considered a safe │ │ home for sensitive data in scenarios where such attacks are possible. │ │ │ │ <OK> │ │ │ └───────────────────────────────────────────────────────────────────────────┘ ``` Probably needs more research and putting a warning if we start listing it.

Mikaela commented

2020-02-05 23:02:10 +00:00

(Migrated from github.com)

Possbly relevant links:

https://defuse.ca/audits/encfs.htm - the audit itself
https://github.com/vgough/encfs/labels/2.x%20candidate - label which I understand to contain issues mentioned in the audit?

@privacytoolsIO/content I wonder if we should close this for now?

Possbly relevant links: * https://defuse.ca/audits/encfs.htm - the audit itself * https://github.com/vgough/encfs/labels/2.x%20candidate - label which I understand to contain issues mentioned in the audit? @privacytoolsIO/content I wonder if we should close this for now?

danarel commented

2020-02-05 23:04:44 +00:00

(Migrated from github.com)

I'd vote to close it. Doesn't seem like something we should recommend.

dngray commented

2020-02-06 03:41:32 +00:00

(Migrated from github.com)

I think this might have be been on privacytools.io and removed ages ago. I think it's mostly been superseded by eCryptfs in most Linux distributions. Also this has an interesting write up about EncFS and other solutions https://www.cryfs.org/comparison/

I think this might have be been on privacytools.io and removed ages ago. I think it's mostly been superseded by [eCryptfs](https://en.wikipedia.org/wiki/eCryptfs) in most Linux distributions. Also this has an interesting write up about EncFS and other solutions https://www.cryfs.org/comparison/

Mikaela commented

2020-02-06 11:09:12 +00:00

(Migrated from github.com)

I take it that we can close this in favour of https://github.com/privacytoolsIO/privacytools.io/issues/1631.

This repo is archived. You cannot comment on issues.