The --anykey option of EncFS I found to be particularly interesting.
It can be used to create two separate encrypted tree interleaved into
the same encrypted data directory.
encfs crypt_dir decrypted_default
EnvFS Password: normal_default_pass-phrase
encfs --anykey crypt_dir decrypted_other
EnvFS Password: different_pass-phrase
Basically it turns of the 'key validation' against the hash check in the
".encfs*" file but only files which can successfully decrypt are made
visible.
If the directory mounts and contains no data, then you know you have the
password wrong. You will get no error about wrong password when using
--anykey. As such double check the initial password should be done when
decrypting, by looking for a specific file.
The files and directories are interleaved in the encrypted
sub-directory. Though sub-directories will remain separated,
(preserving the original directory structure). This will make it obvious
that not all the data decrypted when you compare just the top level of
a decrypted tree against and the encrypted tree. Just the top level
compare is enough for this.
However if you also add chaff, and make it very obvious that their is
chaff, there is no way anyone can tell what will decrypt and what won't.
The simplist way to make chaff, would be to mount it with another junk
password, copy data in, unmount and then forget that password!
If you forget a particular password, it is VERY difficult to determine
which top-level files or directories belonged to that password.
Anthony Thyssen ( System Programmer ) <a.thys...@griffith.edu.au>
-----------------------------------------------------------------------------
Using encryption on the Internet is the equivalent of arranging an
armored car to deliver credit-card information from someone living in a
cardboard box to someone living on a park bench. -- Gene Spafford
-----------------------------------------------------------------------------
Anthony's Home is his Castle http://www.cit.gu.edu.au/~anthony/
------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
Encfs-users mailing list
Encfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/encfs-users
