| View previous topic :: View next topic |
| Author |
Message |
Zucca
Moderator
Joined: 14 Jun 2007
Posts: 3683
Location: Rasi, Finland
|
 Posted: Fri May 24, 2024 12:36 pm Post subject: Do you use EncFS? Is it "ready" or abandoned? |
 |
|
To avoid derailing "encrypting a single directory?" I decided to open up this thread.
As the topic says, do you still use it? | eshowkw -O encfs: | Keywords for sys-fs/encfs:
| | u |
| a a p s l r a | n |
| m r h p p i o i s l m m | e u s | r
| d a m p p c a x a o s 3 p 6 i | a s l | e
| 6 r 6 p p 6 r 8 6 n c 9 h 8 p | p e o | p
| 4 m 4 a c 4 c 6 4 g v 0 a k s | i d t | o
----------------+-------------------------------+-------+-------
1.9.5-r2 | + + o o o ~ ~ + o o o o o o o | 8 # 0 | gentoo
1.9.6_alpha0 | + + o o o ~ ~ + o o o o o o o | 8 o | mv |
It's still on ::gentoo. And ::mv has a bit newer version. Looking at the git repo, the last commit is from four years ago.
I wonder if it's safe to use?
It would be nice to mount some directory somewhere as encrypted, then sync the encrypted files into some off-site backup.
Thoughts on this? Anything else that comes into mind? Anternatives (preferably ones that are simple, transparent and fs agnostic)?
_________________
..: Zucca :..
| My gentoo installs: | init=/sbin/openrc-init
-systemd -logind -elogind seatd |
| Quote: | | I am NaN! I am a man! |
|
|
| Back to top |
|
 |
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3407
|
| Posted: Fri May 24, 2024 1:46 pm Post subject: |
|
|
I never used it. However: just because it's not actively developed doesn't mean it's broken.
According to its manual it uses AES, so this this objective should be met 4 years ago, now, and also 20 years to the future unless there is a breakthrough in research regarding cryptography.
| Quote: | | The primary goal of EncFS is to protect data off-line. That is, provide a convenient way of storing files in a way that will frustrate any attempt to read them if the files are later intercepted. |
I have some files older than 4 years.
_________________
Make Computing Fun Again |
|
| Back to top |
|
|
Zucca
Moderator
Joined: 14 Jun 2007
Posts: 3683
Location: Rasi, Finland
|
| Posted: Fri May 24, 2024 2:46 pm Post subject: |
|
|
Yeah.
So I guess if the libraries it uses (mainly the AES library) is kept up to date, then I should be ok.
Just need to make sure those libs are dynamically loaded, rather than statically compiled in... This is pretty good example of the benefit of dynamic libs, I guess.
I'll start experimenting when I have more time to focus on this.
_________________
..: Zucca :..
| My gentoo installs: | init=/sbin/openrc-init
-systemd -logind -elogind seatd |
| Quote: | | I am NaN! I am a man! |
|
|
| Back to top |
|
|
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3407
|
| Posted: Fri May 24, 2024 3:03 pm Post subject: |
|
|
| Quote: | | So I guess if the libraries it uses (mainly the AES library) is kept up to date, then I should be ok. |
Doesn't even matter, as long as it's actually AES. (or any other _working_ cipher).
Data at rest doesn't change just because there were some updates to the code, and I'm not too concerned with side-channel attacks on the encryption process itself, because pulling it off is probably more difficult than just getting my machine to decrypt my files for you.
If you could exploit some bug remotely, that would be an issue. But this particular application doesn't look easily exploitable, even if it does have some bugs.
Basically, the only real consideration (in terms of no new updates) is "is it usable" and "will it break after you update something else making you unable to recover your files". Which can be mitigated with an OS backup.
So... Is it usable?
_________________
Make Computing Fun Again |
|
| Back to top |
|
|
carcajou
Apprentice
Joined: 10 Jun 2008
Posts: 248
|
| Posted: Sat May 25, 2024 6:03 am Post subject: |
|
|
| I am not familiar with encfs, but there is also sys-fs/cryfs. AFAIK it is used as backend for Plasma vaults. I did not have any issues with it in the last ~4 years. |
|
| Back to top |
|
|
kurisu
Apprentice
Joined: 19 Jan 2011
Posts: 177
Location: Munich, Germany
|
| Posted: Wed May 29, 2024 10:38 am Post subject: |
|
|
I'm still using encfs, but would like to migrate to cryfs if it finally gets bumped to the lastest version.
See https://bugs.gentoo.org/820257
_________________
#1 Ryzen 7 2700 | Asus ROG Strix X470-F Gaming | G.Skill 32 GB DDR4-3000 | PowerColor Radeon RX 5700 Red Dragon | Samsung SSD 970 EVO Plus 1TB NVMe
#2 Ryzen 5 2400G | ASRock B450 Steel Legend | G.Skill 16 GB DDR4-3000 | Samsung SSD 850 PRO 512GB SATA |
|
| Back to top |
|
|
Zucca
Moderator
Joined: 14 Jun 2007
Posts: 3683
Location: Rasi, Finland
|
| Posted: Wed May 29, 2024 5:48 pm Post subject: |
|
|
Can CryFS used in the same way as EncFS?
I feel it doesn't work the same way from the users perspective.
_________________
..: Zucca :..
| My gentoo installs: | init=/sbin/openrc-init
-systemd -logind -elogind seatd |
| Quote: | | I am NaN! I am a man! |
|
|
| Back to top |
|
|
Juippisi
Developer
Joined: 30 Sep 2005
Posts: 749
Location: /home
|
| Posted: Thu May 30, 2024 3:52 am Post subject: |
|
|
| Heh, that's a blast from the past. I remember using encfs ~20 years ago. Nowadays I'm on zfs native encryption / luks due to simplicity. |
|
| Back to top |
|
|
Zucca
Moderator
Joined: 14 Jun 2007
Posts: 3683
Location: Rasi, Finland
|
| Posted: Thu May 30, 2024 7:56 am Post subject: |
|
|
My goal is (eventually) be able to mount any non-encrypted directory to an another place where the contents are identical but encrypted so I can then simply upload the encrypted directory to somewhere on the net.
So I'm not interested on on-disk encryption in this case.
_________________
..: Zucca :..
| My gentoo installs: | init=/sbin/openrc-init
-systemd -logind -elogind seatd |
| Quote: | | I am NaN! I am a man! |
|
|
| Back to top |
|
|
kurisu
Apprentice
Joined: 19 Jan 2011
Posts: 177
Location: Munich, Germany
|
| Posted: Thu Jul 11, 2024 8:24 pm Post subject: |
|
|
cryfs-0.11.4 is now stable and should meet your requirements.
I'm going to migrate my cloud from encfs to cryfs soon.
_________________
#1 Ryzen 7 2700 | Asus ROG Strix X470-F Gaming | G.Skill 32 GB DDR4-3000 | PowerColor Radeon RX 5700 Red Dragon | Samsung SSD 970 EVO Plus 1TB NVMe
#2 Ryzen 5 2400G | ASRock B450 Steel Legend | G.Skill 16 GB DDR4-3000 | Samsung SSD 850 PRO 512GB SATA |
|
| Back to top |
|
|
kurisu
Apprentice
Joined: 19 Jan 2011
Posts: 177
Location: Munich, Germany
|
| Posted: Thu Jul 25, 2024 5:04 pm Post subject: |
|
|
Sadly cryfs' performance is far too bad to be a replacement for encfs when it comes to huge amounts of data. See eg. https://github.com/cryfs/cryfs/issues/297
Maybe gocryptfs will be an alternative.
_________________
#1 Ryzen 7 2700 | Asus ROG Strix X470-F Gaming | G.Skill 32 GB DDR4-3000 | PowerColor Radeon RX 5700 Red Dragon | Samsung SSD 970 EVO Plus 1TB NVMe
#2 Ryzen 5 2400G | ASRock B450 Steel Legend | G.Skill 16 GB DDR4-3000 | Samsung SSD 850 PRO 512GB SATA |
|
| Back to top |
|
|
|
Gentoo Chat
