https://bugs.kde.org/show_bug.cgi?id=485051
Bug ID: 485051
Summary: Remove EncFS from the list of supported Algorithms
Classification: Plasma
Product: Plasma Vault
Version: unspecified
Platform: unspecified
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: ivan.cu...@kde.org
Reporter: amanita+kdeb...@mailbox.org
Target Milestone: ---
I am not sure if this is already done.
A security audit revealed several security issues in EncFS:
https://sourceforge.net/p/encfs/mailman/message/31849549/
These issues seem to not have been fixed to this day:
https://github.com/vgough/encfs/issues/604
The last commit on the project was 4 years ago, it seems unmaintained and is
not secure to use.
I would like to discuss the removal from Plasma Vault, as trusting it is
dangerous after the known vulnerabilities for years.
Starting with removal from the "list of supported algorithms".
Then Vault should display a message "EncFS has known vulnerabilities, export
your data and use a different encryption algorithm" on every decrypt using
EncFS.
Then after some time it could be removed from Plasma Vault.
What do you think? Cheers!
--
You are receiving this mail because:
You are watching all bug changes.
