If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)

Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

To EncFS or not EncFS

anvilfour · 2015-10-15 09:55:30

Further to my thread where I rubbish all the other supposedly secure cloud storage solutions in favour of using Dropbox with EncFS I thought it would be worthwhile having a discussion here with people about this particular encryption program! As I am sure most of you know EncFS is a crypto filesystem that has been around…

15-10-2015 10:55am

#1

anvilfour

Closed Accounts Posts: 720 ✭✭✭

Join Date: April 2015

Posts: 671

Further to my thread where I rubbish all the other supposedly secure cloud storage solutions in favour of using Dropbox with EncFS I thought it would be worthwhile having a discussion here with people about this particular encryption program!

As I am sure most of you know EncFS is a crypto filesystem that has been around for about ten years (most recent update was in March of this year).

The reason I like it for storing data in the cloud is:

- It's compatible with the BoxCryptor mobile app which can be used to encrypt your data before putting it in Dropbox or your cloud storage provider of your choice.

- Your data is encrypted "in place" so can grow and shrink to the size you need as opposed to creating a huge container in the cloud to place everything in, very important if you only have limited storage space.

- If one file gets corrupted, you can still recover the rest of your data, EncFS pops an XML file detailing the encryption scheme and your password hash into the folder with your data.

This said EncFS has been subjected to a 10 hour security audit which uncovered several vulnerabilities. This apparently centres around the fact that the same key is used to encrypt every file, meaning if someone could take snapshots of your encrypted data over time then they may be able to reverse engineer your password. This doesn't worry me too much as I have searched hard and haven't yet found an example of someone doing this.

Second your entire filesystem as mentioned before is encrypted in place. This means no plausible denial that you have encrypted files, also it may be possible to tell what kind of files they are e.g a 500MB file is very unlikely to be a picture!

I would love to hear anyone else's thoughts if they use this and if they have another method of securing their data in the cloud, feel free to share. As before would appreciate it if we take it as read that you do want to keep data on another server besides one at home which can be destroyed by fire or seized by government thugs along with your other devices.

0