>> Issues 2.2 and 2.3, as well as reference [2] could be solved by using
>> random bytes.
>> How can this feature be enabled?
> 
> Random bytes won't solve reference [2] because the same amount of random
> bytes (proportionally) will be added to each file, so you can still
> figure out the relative sizes of files in a directory, and the number of
> files in a directory.

You’re right.
I thought that random bytes were used as a padding for the last partial data 
block. But no :)

So, a solution could be to use a block instead of a stream for the last (partial) 
data block.
The last partial block could be padded with random bytes, zeros…
I don’t know whether the number of blocks used in a file is stored in its EncFS 
header or not, but if it is, it could be replaced by its size, so that the end 
of the file data in the last block is known.
Stream mode would then not be used at all, which would solve issues 2.2 and 2.3.

It would also solve reference [2] as encoded files' size would not be the real 
files’ size but a multiple of the block size.
By "chance" it could be the real files' size, but not necessarily.

Valient, what do you think about it?

>> You say that as it is now, EncFS is not suitable for protecting
>> mission-critical data.
>> Then, just for information, what would you advise as a replacement?
> 
> Full disk encryption (or TrueCrypt's file container) should be used
> whenever possible, since it avoids the leakage in reference [2]. If that
> doesn't fit the use case, there's eCryptfs, which might be better:
> 
> http://ecryptfs.org/
> 
> I'm actually auditing ecryptfs next week so we'll see how good it is.
> 
> Maybe someone else on the list knows of another alternative?

EncFS has some nice features eCryptfs does not have, for example the idle 
option which automatically unmounts the filesystem after a period of inactivity.
The ability to hide the mounted FS to other users (FUSE behavior) is also 
something good.
eCryptfs has the kernel design, which sounds good in terms of performance, but 
we never know.

Well, let’s wait for your eCryptfs audit!

Thank you,

Best regards,

Ben
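
The padding idea discussed in the message above, as an added example that is not part of the original e-mail and not EncFS code. It models only the on-disk layout and sizes (no encryption is performed); the 1024-byte block size, the 8-byte length header and all function names are assumptions made for illustration.

```python
import os
import struct

BLOCK_SIZE = 1024               # assumed block size, not taken from the thread
HEADER = struct.Struct(">Q")    # hypothetical per-file header holding the real length

def pad_to_blocks(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Return header + data, filling the last partial block with random bytes."""
    remainder = len(data) % block_size
    padding = os.urandom(block_size - remainder) if remainder else b""
    return HEADER.pack(len(data)) + data + padding

def unpad_from_blocks(stored: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Recover the original bytes using the length kept in the header."""
    if len(stored) < HEADER.size:
        raise ValueError("missing header")
    (length,) = HEADER.unpack_from(stored)
    body = stored[HEADER.size:]
    # The body must be whole blocks, and the header length must fall
    # inside the last block; anything else means truncation or tampering.
    if len(body) % block_size or length > len(body) or len(body) - length >= block_size:
        raise ValueError("stored size is inconsistent with header length")
    return body[:length]

def on_disk_sizes(lengths, block_size: int = BLOCK_SIZE):
    """Sizes an observer sees: stream-mode tail vs. padded last block."""
    stream = {HEADER.size + n for n in lengths}
    padded = {len(pad_to_blocks(b"\0" * n, block_size)) for n in lengths}
    return stream, padded

if __name__ == "__main__":
    # Constructed sample: five files whose real lengths differ slightly.
    stream, padded = on_disk_sizes([1, 500, 1023, 1024, 1025])
    print("stream-mode sizes:", sorted(stream))   # one size per real length
    print("padded sizes:     ", sorted(padded))   # lengths collapse per block
```

A file whose length is already a multiple of the block size gets no padding, which is the "by chance" case mentioned in the message; the number of files in a directory remains visible either way.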

