Hi Uri,

On 08.02.2016 19:42, Blumenthal, Uri - 0553 - MITLL wrote:
> Doesn’t EncFS obscure at least some metadata (besides names)?

As far as I know, EncFS keeps the metadata (i.e. permission bits) unencrypted. It obscures file names, but not file sizes or directory structure.

>> Another potential problem are watermarking attacks.
> Could you please explain?

A watermarking attack is where an attacker gives you a certain file (or set of files) and wants to check later whether you stored it in your filesystem or not. With EncFS, this is possible if they just remember the file size distribution.

> My concern is that in the attempt to improve security we may hurt
> reliability.

As of today, I wouldn't recommend CryFS for production use. It is a very young project. I'm using it myself for my documents and files and didn't have any issues, but it still needs to be proven by a larger number of beta testers. That is another reason why I reached out to this mailing list. The design of CryFS is not very complicated and there are an awful lot of test cases, so I think I can get CryFS to be at least as stable as EncFS is today.

>
>>> For those who’d rather have a completely opaque container, there is
>>> VeraCrypt.

Ah right I forgot the VeraCrypt point you mentioned. VeraCrypt is a great choice if you're encrypting your files only locally and you know a maximal file system size in advance. Because you have to allocate a full container file even if it is only half full, you get the additional advantage of hiding how much data you actually store in your container. With CryFS, you can also do that, but it is more complicated (you'd have to introduce dummy blocks or a second file system with dummy data working on the same base directory). So for local-only encryption, CryFS only has an advantage if it is important to you that the file system only allocates the space you actually use.

However, VeraCrypt doesn't work well when the data is stored in the cloud. Even if you only change one small file in your file system, this might cause the whole container file to be re-uploaded. Furthermore, if you make changes to your file system on two different computers without waiting for a full sync in between, you will end up having conflicts in the container file, i.e.
you will have two container files with each of them containing only one of the changes.

Best
Sebastian

_______________________________________________
Encfs-users mailing list
Encfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/encfs-users
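
Added example (not part of the message above, and not EncFS or CryFS code): a small model of why a file size distribution survives file-by-file encryption but not storage in equal-size blocks. The per-file overhead, the block size and all file sizes are constructed values chosen for illustration, not parameters of either tool.

```python
from collections import Counter

OVERHEAD = 8        # assumption: constant bytes added to each ciphertext file
BLOCK_SIZE = 32768  # assumption: fixed block size of a block-based store

# Constructed sample data: plaintext sizes in bytes.
MARKED = [1337, 4242, 90001]                   # file set whose presence is in question
OTHER = [512, 2048, 70000, 15, 33000, 120000]  # unrelated files in the same store


def per_file_view(plain_sizes):
    """Ciphertext sizes visible when every plaintext file maps to one
    ciphertext file of (plaintext size + constant overhead)."""
    return Counter(size + OVERHEAD for size in plain_sizes)


def block_view(plain_sizes):
    """Ciphertext sizes visible when content is stored as equal-size blocks:
    only a count of identical-looking blocks remains."""
    blocks = sum(max(1, -(-size // BLOCK_SIZE)) for size in plain_sizes)
    return Counter({BLOCK_SIZE: blocks})


def size_match(observed, marked_view):
    """True if the observed size multiset contains the marked set's sizes."""
    return all(observed[size] >= count for size, count in marked_view.items())


def leaks(view):
    """True if size matching gives different answers for a store that holds
    the marked files and one that does not, i.e. sizes reveal their presence."""
    with_marked = size_match(view(OTHER + MARKED), view(MARKED))
    without_marked = size_match(view(OTHER), view(MARKED))
    return with_marked != without_marked


if __name__ == "__main__":
    print("per-file encryption leaks presence:", leaks(per_file_view))
    print("fixed-size blocks leak presence:   ", leaks(block_view))
```

In the block model the total number of blocks still grows with the amount of data stored, which is the remaining signal that the dummy-block idea in the message would address.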