On Mon, 30 May 2011 00:57:06 +0200 d...@morcilab.net wrote: | Is this a single point of failure for encfs? | I lose a file and the whole filesystem is gone forever? |
Pretty much yes. It is just as important as the password. Think of it as the 'public' part of the password. But the file does not need to be kept together with the encrypted data, or even kept in the clear. I myself keep the ".encfs6.xml" in a completely separate but well backed up storage, and is even separately encrypted. Just because the contents of this file can be 'public' does not mean I should give any hints or help to a would be attacker. In fact I don't even use the normal password that that '.encfs6.xml' was created with, but always use a --anykey option! The password I use to decrypt with is not even a hash of a user password, but a purely random one. Further more, I interleave multiple encfs data stores in the same directory so at no time does any one password decrypt everything in the data store! See my own notes on EncFS http://www.ict.griffith.edu.au/~anthony/info/crypto/encfs.hints Anthony Thyssen ( System Programmer ) <a.thys...@griffith.edu.au> -------------------------------------------------------------------------- UFO Kite: a radiply spinning motor at the end of a kite line. -------------------------------------------------------------------------- Anthony's Castle http://www.ict.griffith.edu.au/anthony/ ------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ Encfs-users mailing list Encfs-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/encfs-users
