-users] Secrecy Proposal
Hi,
most of CryFS was developed after the thesis was finished.
It was developed as an open source project with users in mind, it is not
meant as a proof-of-concept for the thesis.
I agree there are still issues, CryFS is not stable yet. For example,
the build system has to
Hi,
most of CryFS was developed after the thesis was finished.
It was developed as an open source project with users in mind, it is not
meant as a proof-of-concept for the thesis.
I agree there are still issues, CryFS is not stable yet. For example,
the build system has to be switched.
I propos
>thanks for your feedback. Building CryFS on Mac OS X is currently not
>supported unfortunately.
>Maybe I should've said that clearer from the beginning, I'm sorry this
>got you so frustrated.
Thank you for the explanation. It confirms my assessment:
- The idea and the filesystem architecture are
Hi Uri,
thanks for your feedback. Building CryFS on Mac OS X is currently not
supported unfortunately.
Maybe I should've said that clearer from the beginning, I'm sorry this
got you so frustrated.
Btw most users won't ever build CryFS themselves - there are Debian
packages already, and in futur
>>OK, I got the code and took a brief look. First impression: it looks
>> like an exercise in “how many different and complex packages I can tie
>> together without crashing the whole thing”. Fragility of such approach
>> are too numerous to list.
>When I started the project, I was trying out
On 09.02.2016 00:53, Blumenthal, Uri - 0553 - MITLL wrote:
> OK, I got the code and took a brief look. First impression: it looks
> like an exercise in “how many different and complex packages I can tie
> together without crashing the whole thing”. Fragility of such approach
> are too numerous
>>I meant that since file size does change with encryption padding, MAC,
>> and IV - if (a) one picks large block size, and (b) filesize are
>> comparable to block size, it would be hard to tell one (small) file
>> from another. Think copies of text emails (not those JavaScript
>> monsters :). :-)
On 08.02.2016 23:44, Blumenthal, Uri - 0553 - MITLL wrote:
> I meant that since file size does change with encryption padding, MAC,
> and IV - if (a) one picks large block size, and (b) filesize are
> comparable to block size, it would be hard to tell one (small) file
> from another. Think copi
>>Well, it can confuse somewhat file size of multiple small files
>That sounds interesting. Can you explain what you mean by that?
I meant that since file size does change with encryption padding, MAC, and
IV - if (a) one picks large block size, and (b) filesize are comparable to
block size, it wo
Hey Uri,
On 08.02.2016 22:17, Blumenthal, Uri - 0553 - MITLL wrote:
> Well, it can confuse somewhat file size of multiple small files
That sounds interesting. Can you explain what you mean by that?
>> A watermarking attack is where an attacker gives you a certain file (or
>> set of files) and want
>>Doesn’t EncFS obscure at least some metadata (besides names)?
>As far as I know, EncFS keeps the metadata (i.e. permission bits)
>unencrypted.
I see. Yes, I think this is correct, at least regarding permission bits.
>It obscures file names, but not file sizes or directory structure.
Well, it c
Hi Uri,
On 08.02.2016 19:42, Blumenthal, Uri - 0553 - MITLL wrote:
> Doesn’t EncFS obscure at least some metadata (besides names)?
As far as I know, EncFS keeps the metadata (i.e. permission bits)
unencrypted.
It obscures file names, but not file sizes or directory structure.
>> Another potentia
Hi Uri,
there are use cases where it is enough to encrypt file contents and you
don't care about the directory structure, file sizes or file metadata
being public. For these cases, a (fixed version of) EncFS works just as
well.
However, this metadata being public gives an attacker more informa
It is unclear to me what kind of information you expect the adversary to
learn from the current EncFS structure with encrypted filenames (and the
other protections, like block-encoding file names, etc), what what in your
opinion that adversary could do with that information.
I wonder if the extra
Hey Anthony,
thank you. Tell me what you think after you tried it out.
If you have input on the way I intend to solve the directory conflict
problem, I'd also be happy to hear it.
Just as you can with EncFS, you can interleave multiple encrypted file
systems in CryFS if you keep the configurati
I look forward to testing out this out. As I have said in the past, this
is the 'next step' in the File System Level of Encryption (As opposed to
Disk/Partition or individual File based encryption).
The point about a changes to a directory on two different systems causing a
synchronization confli
Hey Jakob,
thank you. I already fixed one of the reported issues :)
If two users add a file at the same time to the same directory, this
will cause a synchronization conflict in the current version. This only
happens if it is really the same directory. Working with different
directories (that
Hi Sebastian, great work, congratulations!
I tested it briefly and only found two minor issues that I have reported
through github.
However, I don't yet understand how Dropbox synchronisation is supposed to
work.
As far as I can see, the list of files in a directory is stored in a file.
So if Ali
Since EncFS doesn't hide directory structure (and also in the light of
the recent security issues), and since the discussion on the mailing
list here showed that it is probably out of scope for the original EncFS
project, I've started an own project fixing this. You can find CryFS at
https://ww
I'm just sort of wondering if any more progress, thoughts or discussion
has happened along these lines.
It may be that such a major change would need to be created as a new
project.
Any info?
Anthony Thyssen ( System Programmer )
--
I like the idea of also hiding directory structure.
I see the problem with the metadata.
We could either try to implement an own representation of metadata, or
just ignore it in this mode (at least at first). Since the user can
decide whether to use this mode or not, they can then choose between
p
On Sun, 14 Sep 2014 22:26:34 -0700
Sebastian Messmer wrote:
| Hello,
|
| I'm using encfs for encrypted cloud file synchronization and it works
| great. I have some thoughts about secrecy though I'd like to discuss.
|
| Encfs is great in hiding file contents. If enabling file name
| encryption, y
Hello,
I'm using encfs for encrypted cloud file synchronization and it works
great. I have some thoughts about secrecy though I'd like to discuss.
Encfs is great in hiding file contents. If enabling file name
encryption, you can also hide a bit more information about what the
files contain.
Howev
23 matches
Mail list logo
