-
Notifications
You must be signed in to change notification settings - Fork 281
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EncFS development ? #314
Comments
I'm adding a comment because I'm interested in this discussion. I mostly just do code reviews for this project and find little things here and there to contribute. |
Hello,
I completely agree with you, encfs is a very useful tool, and it would be
great if the security issues from the audit were resolved.
I have the impression that most of them could be resolved in "one shot"
just by moving to the GCM cipher mode of operation with 128 bits IVs and
MACs. Libgcrypt supports this mode of operation,and surely openssl, and I
proposed a PR following the open issue. Even more, I don't think it would
be very difficult to move to GCM if you don't mind having a "whole new"
version 2.0 that doesn't read the current disk format, forcing users to a
manual migration to the new version...
Is there any roadmap or active development in order to fix those issues?
Best regards !
|
The EncFS project has been running for pretty long now, the git history goes back to 2008, and the first release was 2003. Development has stalled for a while until the project moved to Github in 2014 with the help of @samrocketman . The original author, vgough, put this paragraph on the front page:
There are still fixes and smaller changes being merged, and occasionally vgough pushes a bigger thing (like replacing the whole build system with cmake). This is mostly maintainance, though. There is no development happening towards a new on-disk format that fixes the security issues, the so-called "EncFS 2.0". I think to make EncFS 2.0 happen we will need somebody to step up and lead the "2.0 project". |
Why I don't see 2.x branch? I hear about Encfs 2.0 coming, but I cannot find the code... @vgough if you provided a crowdfounding page to support the project, I'd happily make a PayPal donation. |
Well, that's because it does not exist. As you may know, my opinion for EncFS 2.0 was to start afresh, and the result is called gocryptfs. It's stable already and has been audited recently. |
Thank you very much @rfjakob for your feedback 👍 Do you have some news from @vgough ? Do you think he would be OK to lead the 2.0 project ? Perhaps we could also think about closing issues which do not need to be opened anymore ? And what about PR which are opened, will they be reviewed & merged ? Many thx again 👍 |
One minor correction, though not very relevant for the overall discussion. I migrated the project from SVN preserving authorship. That's how I have commit access despite not making any meaningful contributions (other than the migration, some documentation, and a few reviews). I'm mostly a user of EncFS and cared about it continuing. |
Ah, I was not aware of that, nice! I updated my comment. |
@benrubson No, I have not heard from vgough for a while, but he does merge pull requests every now and then. I'll also continue to try to review and merge pull requests. But I can only merge things that I can confidently judge as safe. As for the 2.0 project, I think somebody else will have to lead it. |
@rfjakob many thanks for providing info about your project gocryptfs! Can you post a link to a security audit? As far as I know among gocryptfs, ecryptfs,cryptomator, securefs, CryFS and encfs only the last one has had a professional audit. For that reason I prefer to keep on using a software with known holes rather than believe others don't have it. |
The gocryptfs audit is here: https://defuse.ca/audits/gocryptfs.htm |
@rfjakob I appreciate gocryptfs (I use it), but there are a lot of usability issues around it. EncFS is currently usable on Android, gocryptfs is not. I just went through 2 hours of compiling SiriKali and gocryptfs on a friend's Mac, with the end result of gocryptfs being unable to mount the volume (could be a go-fuse issue rather than crypto issue). We have both EncFS and gocryptfs volumes, so we could compare .. and EncFS just worked immediately on the Mac. Starting afresh is probably the best option 14 years later, but there's a lot to still do. |
I agree, as I stated there : |
One comment I'd like to add. As a user of EncFS I really appreciate all of the work @vgough @rfjakob @benrubson @danim7 @charles-dyfis-net @jetwhiz and all of the contributors who have kept this project alive. I enjoy using your work to secure personal files. |
We do have, many thanks for being back into the business since a few weeks 👍 |
Thank you all for keeping encfs alive. A few years ago, I had created a development branch to really cleanup code, separate out legacy cipher from new cipher framework, and add a few alternatives to openssl. Some bits of that, like cmake support, were eventually merged into master, but I don't have that kind of time today for large changes. If I were to start over, I like rfjakob's work on gocryptfs, in part because Go has been my primary language for work the last 3 years. If you're running on Linux, I'd give it a try. Unfortunately the "pure go" FUSE library may be hit or miss for a while, since what's really standardized in FUSE between platforms is the FUSE C API rather than the wire protocol. Eventually I expect that the available Go FUSE libraries will be good enough to work on all platforms, and if I were to start encfs today I would almost certainly use a language like Go. |
Unfortunately yes the go FUSE lib is not available everywhere, whereas the FUSE C API is, and is really actively maintained and updated. I think that with last committed bug corrections, sanity checks and lint methods, the upcoming version will be nice and "strong". Improving it at least correcting security issues listed in first post would make it brillant, without having to migrate (personal usage and/or productions) to a new product (which is then sometimes impossible). Many thanks 👍 |
…72..37bc3ac 37bc3ac upping the version to 5.0.1 to fix release vs. source problem 8c9e313 remove error string inline. hopefully helps with odd linking issues 563ee82 Merge pull request vgough#571 from hyperair/cmake-add-test 4ee9ebd Merge pull request vgough#570 from jasjuang/master a4f48c1 Merge pull request vgough#572 from Dmitry-Me/swapFoundAndExpected 9832a5f "Found" and "expected" were swapped in some tests 48d45b2 Use `make test` in travis.yml 5381145 Use CTest to add xmltest as a testcase so make test works a5ab98a fix issue vgough#516 369f306 Merge branch 'master' of github.com:leethomason/tinyxml2 8bba8b4 mark unused enums 3f169ac Merge pull request vgough#568 from Dmitry-Me/checkParsingErrorEarlier 86be0cd Merge pull request vgough#566 from redagito/master aea64c4 Test parsing result as early as possible dfcf548 CMake fix for static library only build 9201bb9 Merge pull request vgough#563 from Dmitry-Me/betterParameterNameInClone 3f63f21 Better parameter name 9e2d29b weird compile issues 82bb074 tweak test 224ef77 add test case 8a76361 fix incorrect factoring bc52755 Merge pull request vgough#558 from leethomason/clone 5cfb946 Merge pull request vgough#562 from Dmitry-Me/testMemoryLeaksInDebugHeap 275067a Merge pull request vgough#561 from Dmitry-Me/unlinkedElementsAssertions ed78570 Programmatically check no leaks are reported in the VC++ debug heap c2f677b Unlinked nodes assertions 1346a17 tweak comments. fix copy to self case. 1bbc66b Merge branch 'master' into clone e84f68a Merge branch 'memleak2' b754ddf address feedback from review 7ce75bc Merge pull request vgough#557 from jasjuang/master 816d3fa Fix string leaking (and destructors not getting called) when there are XMLNodes that aren't in the document tree 53858b4 minor formatting fix and very strange memory tracker missing ced18c0 missing var?? a30f8bd Merge remote-tracking branch 'origin/master' into clone b29f556 comment 7085f00 deep copy and clone f66441e add in support for cmake export, manual Findtinyxml2.cmake is no longer needed 33a1f8b Merge pull request vgough#552 from Dmitry-Me/ensureNoOverrunBeforeCopy 7538286 Merge pull request vgough#535 from jnguyen75/build-tests-option 243ddf5 Ensure no overrun before copying 105f32f Merge remote-tracking branch 'origin/master' into build-tests-option 174a5df Merge pull request vgough#551 from eco/patch-1 9333cfd Add "d" library suffix for debug builds 7b40ce1 Merge pull request vgough#534 from jnguyen75/ref-test-resources b840b7e Merge pull request vgough#547 from Dmitry-Me/clarifyVariableNames 10b8ecc Clarify variable names 2b0453f Merge pull request vgough#545 from Dmitry-Me/fullyUseEnum e503563 Fully use enum fc05f63 Merge pull request vgough#543 from Dmitry-Me/pointerAssertInShallowEqual ba68a3a Pointer assertion 395ea09 Merge pull request vgough#538 from Dmitry-Me/suppressC6011 71e2c08 Merge pull request vgough#537 from Dmitry-Me/clearerMemberName 7221b49 Suppress C6011 code analysis false positive warning ae8a82a Clearer variable name 92c0ef3 Merge pull request vgough#527 from Dmitry-Me/reuseNodesCreationCode 2aebfb7 Extract and reuse nodes creation code 1e0b4e6 Use generator expression to specify target output directory for resources directory 7f2ce0d Updated Windows build script to change directory instead of copying files to run xmltest 6bf64fb Use CMake to create resources/out directory 47c7d70 Added BUILD_TESTS option to enable/disable building of xmltest b37cb42 Merge pull request vgough#513 from leethomason/bool-write 0f42e24 Merge pull request vgough#529 from Winestone/master 969b8c2 Replaced DATA_COPY target with post build command to copy the resources directory 5277134 Removed empty install() command 4a07484 Fix typo in CMakeLists.txt 962732f Merge pull request vgough#520 from Dmitry-Me/initMemberVars2 d120d64 Initialize member variable 1f5ab7c Merge pull request vgough#517 from Dmitry-Me/initMemberVars f89bd3e Initialize member variables c5c99c2 tweaks to bool serialization f458d26 fix const. hopefully. ce667c9 ability to set bool write values 5b733ff Merge pull request vgough#504 from Dmitry-Me/ensureLinkPointersAreNotOverwritten c3a1915 Merge pull request vgough#510 from leethomason/kezenator-line-numbering e90e901 tweaks, clarification to line numbers 0027138 Merge remote-tracking branch 'origin/master' into kezenator-line-numbering 855a66c Merge pull request vgough#509 from leethomason/fix-win-dll-build ef7fe0f fix windows dll build/run 34a3f8e Ensure existing attributes are not leaked on attribute insertion 19d8ea8 CodeReview Fix: GetLineNum()? e353181 CodeReview Fix: initialLineNum? Something a little more descriptive? e3d4415 CodeReview Fix: The initializer syntax isn't used. Should be 'int unusedLineNum = 0` 4f75616 CodeReview Fix: The non-const reference syntax isn't used in the codebase. Should be a pointer. 2489afc Merge branch 'master' of https://github.com/leethomason/tinyxml2 a43ff72 Removed line numbering support as an advantage of TinyXML-1. Added error reporting system that discusses the support for line number information. ec69415 Added line number reporting to parse errors and to all nodes and attributes for parsed documents. 156bc1b Merge pull request vgough#502 from Dmitry-Me/reuseClearError 5bbb6fb Merge pull request vgough#500 from Dmitry-Me/reuseAttributeCreation 5a70071 Added static method to convert arbitrary ErrorID to a string. Updated tests to print ErrorID and bool values as strings. 0d2cef0 Reuse code for error clearing a60caa2 Reuse attribute creation code f80d78d Merge pull request vgough#499 from Dmitry-Me/unifyNullComparisons ebb1660 Unify null pointer checks 7de0b6d Merge pull request vgough#493 from leethomason/jwittner d04f21c Merge pull request vgough#496 from Dmitry-Me/detectDeclarationPlacement 446c3bc Declarations should occur before anything else cd47f8e Merge pull request vgough#495 from Dmitry-Me/pointerAssertionAfterIdentify 4336431 Pointer post-assertion 13cbc9a add test files. fix doc. c9a6102 Merge branch 'master' of git://github.com/jwittner/tinyxml2 into jwittner-master 6bbcda0 Merge pull request vgough#490 from Dmitry-Me/avoidCastToSigned 15ad071 Merge pull request vgough#489 from Armagetron/master ed2627e Merge pull request vgough#487 from jwittner/dev/slnFixes c5f1e7c Avoid cast to signed integer type 3c21d6f Use correct file pointer f6106be Merge pull request vgough#488 from Dmitry-Me/reuseElementWithNameCheck ecb9b07 Reuse "is element with name" check edb3261 Ignore SLn output dirs, VC files 01f6cca Standardize output directory - fixes conflicts 513e69b Merge branch 'master' of https://github.com/leethomason/tinyxml2 cf3dd09 Move implementations to cpp e8157ff Merge pull request vgough#484 from kainjow/patch-2 b2f4dc2 Merge pull request vgough#483 from kainjow/patch-1 0d3de1e Merge pull request vgough#482 from Dmitry-Me/stringEqualAssertions 318252a Fix warning on PowerPC 3c97724 Fix typo 21f9969 Assertions in string comparison f00c179 Merge pull request vgough#480 from kurylo/fix/2016-09-29-cmake-warning 7fcf31b Merge pull request vgough#477 from bejado/XML_NO_ERROR_Comments 6f1ad61 Merge pull request vgough#471 from Dmitry-Me/loopInvariantAssertions aad6187 Fix cmake warnings on new cmake versions. 3b9cf99 Update comments to reflect single successful return type e9b547a Merge pull request vgough#475 from Dmitry-Me/splitAccessAndAdjustment 3a621f5 Added default values TypeText accessors fed5112 Split access and pointer adjustment 584af57 fix error string memory errors 2e14517 Merge pull request vgough#474 from Dmitry-Me/unifyIncDecOps 24694e9 Merge pull request vgough#473 from Dmitry-Me/preferConstAccess 0d667f8 Merge pull request vgough#472 from Dmitry-Me/pointerAssertionsStrPairSet 3161a33 Unify increments and decrements 2449582 Use const where const is enough 6fc38ec Pointer assertions for substring f9f3c3e Loop invariant pointer assertions 4fe8c10 Merge pull request vgough#469 from Trebgarta/master a369d4b Merge pull request vgough#468 from Dmitry-Me/reuseDeleteChild 1f212f3 Bool-related tests modified to pass de45d04 SetAttribute: true/false rather 1/0 9cb4eca Reuse DeleteChild() 0bb5901 Merge pull request vgough#466 from Dmitry-Me/makeCommentMoreConcise 9faf14d Merge pull request vgough#465 from Dmitry-Me/unifyNodeDeletion cb6461c Merge pull request vgough#464 from mwoehlke-kitware/elf-visibility c7805c5 Merge pull request vgough#463 from Dmitry-Me/clarifyMemoryPoolParts caa72a6 Make comment more concise 4de7abb Unify node deletion 8170bdc Build with hidden symbols by default a8e7ea7 Set ELF visibility 88145b8 Clarify "block" and "chunk" 75c8f40 Merge pull request vgough#459 from Elbrasch/master 1043f6f Merge pull request vgough#460 from Dmitry-Me/pointerAssertion db02b21 Pointer assertion for contract clarity e1a82c1 Added void XMLPrinter::PushText( int64_t value ), which was declared but not implemented. 74d44ac fix compile issues on clang c944546 fix permissive casting. 5bf60e9 try to fix the lld issue 6ba2a07 upping the major version. lots of small (incompatible) changes, and the addition of int64 support. af9bce1 support user data 536a4cd Merge branch 'master' into int64support 098bd1f fix project file version 53b0727 Merge pull request vgough#453 from morinim/issue425 0f45b24 Fixes issue vgough#425 d7e5f47 Merge pull request vgough#445 from kurylo/master 2818e67 Add INCLUDE_DIRECTORIES on the targets for supported cmake versions. 2fe47ea Merge pull request vgough#443 from TheZoc/patch-1 04639a5 Standardized static library output name 1889c3e try to make gcc happier 51c1271 add int64 support a572db1 ps3 support 8553625 one successful return type. simplify build on vs2015 df4ffc0 fix warning up from vs2015 41599e2 Merge branch 'master' of git://github.com/TheZoc/tinyxml2 into TheZoc-master ceb6468 Merge pull request vgough#438 from TheZoc/osx-makefile d3f5c31 remove unused XMLBase 48daa2d Updated Makefile to allow building TinyXML2 as a static library 31d6c87 Merge pull request vgough#435 from ongjunjie/master 1f16f9d Updated to VS 2015 47f9931 minimize file copying on incremental builds bb4d246 update to VS 2013 97837e7 Merge pull request vgough#428 from wvvelzen/WarningsFix 3d60e25 Merge pull request vgough#427 from wvvelzen/bcb6fix 0aeac18 Fix 2 "Condition is always true" compiler warnings. 67abee5 Fix for Borland C++ Builder 6 fe5dbdb Merge pull request vgough#414 from ReadmeCritic/master d175e9d Merge pull request vgough#413 from Darksun2010/master ff71413 Correct the capitalization of Xcode in README 6bf8a07 space misses in the comment of CMakeLists.txt c8dad95 Merge pull request vgough#410 from Dmitry-Me/assertForFTellReturn 96b110d Assert to ensure ftell() behaves as expected by later code 9ff6654 Merge pull request vgough#407 from JarleStrand/fix-deletechild 81abfd6 Error fix DeleteChild 9c8582c Merge pull request vgough#401 from Dmitry-Me/assertForNonNullString 0515fa9 Assertion in StrPair::SetStr() f47b20f fix readme syntax dffea57 remove mystery comment fe5b7a5 Merge pull request vgough#393 from Dmitry-Me/fixSetTextDescription 9e9c85b Fix SetText() description spelling 7bc9201 remove static-assert accidentally checked in. 598a88d used stdlib strncmp function e4c0738 Merge pull request vgough#383 from Chocobo1/travis f2c6b11 readme.md: add CI build status badges a58de11 Add appveyor.yml 87a8e71 TravisCI: support osx build e4f8ba8 Merge pull request vgough#381 from ya1gaurav/patch-1 a589da4 Merge pull request vgough#380 from Dmitry-Me/getRidOfWtypeLimits 60af433 Travis also support clang. 901fed5 Get rid of -Wtype-limits warning 2aee5e1 Merge pull request vgough#379 from renu555/renu555-patch-5 27eb078 Merge pull request vgough#372 from jasjuang/master d7f2cce Create .travis.yml 8ac308d Merge pull request vgough#376 from renu555/renu555-patch-1 871d72f Build tinyxml2 as static library b5d51e8 Merge pull request vgough#371 from PKEuS/master f6002e6 add in support for sudo make uninstall cac7578 Declared *PRINTF wrappers as static 2beb560 Merge pull request vgough#367 from Dmitry-Me/preAssertsToEnsureNoBufferLeaks 96f38cc Asserts to ensure old buffer is not leaked when allocating a new one bb8fd3c Merge pull request vgough#364 from PKEuS/master 7ae888a Merge pull request vgough#363 from Dmitry-Me/outputLengthAsserts d101a9b Merge pull request vgough#366 from yang-le/master 14d5490 add *.o to .gitignore 358202c Moved include of <cstdarg> to cpp file 1d32e58 Asserts for formatted output length 78fca3d Merge pull request vgough#361 from RossBencina/master fd6ad7e Merge pull request vgough#362 from Dmitry-Me/useElementName 886ad97 Use "name" for element name e7fa0e1 fix compiler warning (XCode 4.6.1 x86_64) tinyxml2.cpp:2146:77: Implicit conversion loses integer precision: 'const size_t' (aka 'const unsigned long') to 'const int' eb89ef6 Merge pull request vgough#360 from Dmitry-Me/documentConsistencyAsserts 66487eb Document consistency asserts 400e5b2 Merge pull request vgough#358 from Dmitry-Me/betterDocumentWarningSuppression 8dd493b Better document warning suppression code 4824e95 Merge pull request vgough#343 from Dmitry-Me/checkEntityWasPrinted 70fd52a Merge pull request vgough#354 from Dmitry-Me/properCapsVisualStudio 1ca593c Proper capitalize Visual Studio in comment aebaeea Merge pull request vgough#353 from Dmitry-Me/unselessConst 73f08a3 Merge pull request vgough#352 from Dmitry-Me/consistencyAsserts aa8566b fix a macro version check 7865aad Useless const 2f5a103 Consistency asserts 53db4a6 move to cpp file. 1527cf4 Patch for Visual Studio 2003 and earlier. 2b2649e Merge pull request vgough#349 from Dmitry-Me/properHandleSmallBufferOnCe 687bf82 Don't use -1 as buffer length 39c399a Ensure proper pattern was found and printed 91f2dcf Merge pull request vgough#342 from Dmitry-Me/testErrorNames 32de9f0 Merge pull request vgough#341 from Dmitry-Me/cleanupComment a1beddf Test error name is non-empty for the whole range 962083b Remove redundant comment, fix typo and formatting 735ce51 Merge pull request vgough#339 from Dmitry-Me/properFixGccSignCompare ca86a0f Proper fix gcc -Wsign-compare c879a4d Merge pull request vgough#338 from Dmitry-Me/removeAmbiguousEnumItems 949ae37 Merge pull request vgough#337 from Dmitry-Me/checkEntityFoundExplicitly 03d0f4e Merge branch 'SirR4T-assert-fires-when-calling-XMLDocument--Value' 8549202 clean up Value of XMLDocument c52aa55 Merge branch 'SirR4T-patch-1' 7a93b33 tighten up the error checks 2ecc203 Merge branch 'patch-1' of https://github.com/SirR4T/tinyxml2 into SirR4T-patch-1 5420e54 Get rid of two distinct enum items with same same 764545e Explicitly check entity was not found 3df007e Fix and use correct pointers and types. 96b4346 Remove unnecessary cast in XMLNode::Value() d608c56 Fix up xmltest.cpp ff53d71 Merge pull request vgough#335 from SirR4T/SirR4T-add-DEBUG-macro-in-CMakeLists_txt 1bf04fd Merge pull request vgough#330 from Dmitry-Me/avoidUnneededPrinterCreation 9afd1d0 Clarify meaning of 'empty' 9c3122b Bypass asserts for `XMLDocument::Value()` 13b2d73 Add null-checks in `XMLTest()` a7edb88 Add a test case for issue vgough#323 39a77dd Define the `DEBUG` macro in CMakeLists.txt 8e85afa Fix whitespaces in xmltest.cpp 2f0d173 Fix whitespaces in tinyxml2.cpp a0f499d Fix ParseDeep() to close issue vgough#332 2bb6bb5 Add a test case for issue vgough#332 67c429e Avoid unneeded printer object creation e5e5541 Merge pull request vgough#328 from Dmitry-Me/firstCheckThenConvert 72801b8 First check, then convert 89df56c Merge pull request vgough#327 from Dmitry-Me/ensureFileSizeFitsInSizeT 2a8b1f5 Ensure file contents fit into size_t range 882e89e Merge pull request vgough#326 from Dmitry-Me/cleanupPointersComparison a295da4 Merge pull request vgough#324 from Dmitry-Me/checkWithoutClangTautological 69d521d Unify pointers comparison, consistency asserts 2ad4320 Range check without clang "always true" warning 4f0c2ff fix 'always true' warning 70f2c74 Merge pull request vgough#322 from Dmitry-Me/detectParsingErrorEarlier ccd267a Detect parsing error earlier when looking at end of tag 9f24acd Merge pull request vgough#321 from Dmitry-Me/dontLeakTheElement e3932d6 Merge pull request vgough#319 from Dmitry-Me/getRidOfNull 5ea4f3c Merge pull request vgough#315 from Dmitry-Me/orderPatternsAsTheyAreSearched 2d39158 Merge pull request vgough#317 from Dmitry-Me/moreConsistencyAsserts 5daa54c Don't leak the element e76b851 Get rid of NULL, cleanup formatting 9614f8f More consistency asserts 4a0392d Merge pull request vgough#314 from Dmitry-Me/ensureEnumIsPrintedProperly 0aa957a Merge pull request vgough#313 from Dmitry-Me/shouldBeNoErrorInitially 400f119 Ensure enum is printed properly 32533ca Test there's no error initially, proper swap "found" and "expected" a1a4a13 Merge pull request vgough#312 from Dmitry-Me/newDocumentMustBeEmpty 4034395 Merge pull request vgough#311 from Dmitry-Me/betterParameterName 2a2ed16 Merge pull request vgough#310 from Dmitry-Me/moreConst 1881344 Merge pull request vgough#309 from Dmitry-Me/makeParseDeepProtected 48b5df0 Document must be initially empty 0400922 Better parameter name 2667aab Const qualifiers where access is const, unify formatting 9b0f177 Make ParseDeep() protected 51b3332 Merge pull request vgough#308 from Dmitry-Me/mergePrintCalls 8c067ab Merge pull request vgough#307 from Dmitry-Me/simplifyOverengineeredCode fb33e99 Merge pull request vgough#306 from Dmitry-Me/printSubstringEntirely 6a79c17 Merge Print() calls 8d4e0ec Simplify overengineered code c505e13 Order patterns the same way they are searched d95172b Print entire substring instead of each character 28c7c8c Merge pull request vgough#305 from Dmitry-Me/errorShouldBeClearedAfterLoad 55c7879 Merge branch 'Haloric-Issue-302' f657783 merge fix for save file error d9852a5 If LoadFile() fails then subsequent successful LoadFile() must clear the error ea21390 Merge branch 'Haloric-Issue299' 3ccb1ce minor formatting cleanup 189198f Issue 302: clear any previous save error 148cc1a Issue 299 - test for code changes 7e74477 Issue299 - Allow Accept() to work with element trees that are not linked in to the owning document. 32cca51 Merge pull request vgough#300 from davidsanfal/master 01969dc Merge remote-tracking branch 'origin/master' 2b1e181 Merge pull request vgough#298 from Dmitry-Me/fixCommentTypo 5ea1cf3 Merge pull request vgough#297 from Dmitry-Me/betterAssertsInParsing 4633c3a add biicode support 2f465c4 Fix comment typo 3dc797b Better asserts in parsing git-subtree-dir: vendor/github.com/leethomason/tinyxml2 git-subtree-split: 37bc3aca429f0164adf68c23444540b4a24b5778
@vgough Hey, I've been using your software for some years and I love it, thank you for creating it. I reccomend it to my friends if they're interested in securing data. Also a thanks to @rfjakob @benrubson @danim7 @charles-dyfis-net @jetwhiz and all other contributors who helped make this software great. |
@benrubson a late-comer with an improvement suggestion: add the ability to use smart card (say, PIV and OpenPGP) for volume key wrapping (asymmetric crypto). |
Thanks for your work @benrubson |
Hello, I would strongly suggest to update your README.md about the current project status including a time stamp. From reading your README.md it is not clear what is going on. Also the repo itself is not archived yet. To my understanding EncFS is not in active development and won't be in the future. Does anyone have a migration guide? |
It's kind of in the same state as it was originally. It's up to project contributors to drive the project; so if nobody is contributing it stagnates. That doesn't necessarily require the repository to be archived. If by current maintainer suggesting gocryptfs you mean, vgough; I don't see how they suggested what you should use instead. They were musing on if they had to do it all over they'd start with Go and come up with something like gocryptfs. Their comment was clear at the time that go-FUSE didn't provide as good of portability as C bindings. Bear in mind this comment was written 6 years ago so a lot could have changed. I don't think quoting such an old comment and holding it as their current opinion presents their intent in good faith. I doubt anyone here can help with your migration unfortunately (I just use EncFS and others took up the mantle to contribute to EncFS but then moved on to other things). Such is the way of open source sometimes. In general, file based encryption at the file level is going to have some limitations; I suggest looking more into encrypting TAR via standard, modern encryption, such as GPG. In my case, I encrypt my drives with LUKS. I would look at solutions which provide fully wrapped encryption if you want to avoid the security issues pointed out completely (i.e. having multiple copies of encrypted files whose known contents is changing could weaken their seal). |
@samrocketman, ...to admittedly go off on a tangent from a very minor piece of your comment (which I otherwise have no qualms with) -- I'm not sure GPG can be described as modern (though OpenPGP being literally standardized, there's no room to argue with "standard"). We know better today than to try to build indefinitely backwards-compatible protocols (enabling downgrade attacks and the ability for attackers to construct content that triggers little-used or untested codepaths, both of which OpenPGP implementations are prone to), which is why modern tools like minisign or saltpack or age deliberately bake in their algorithm choices. We know better today than to try to build encryption tools with streaming APIs that treat decryption and signature validation as two completely separate operations (such that content can be decrypted and streamed to stdout -- and thus used by software trying to consume it -- before any signature validation is performed; older versions of OpenPGP also let an attacker strip the signature packets altogether without causing a consumer to even exit with a nonzero status -- but when you're streaming a decryption operation to something like We know about Authenticated Encryption with Associated Data -- with widespread and solid implementations of algorithms like GCM sitting at the heart of newer tools -- and the importance of designing wire protocols and data formats to make the obvious and easy implementation more likely to be correct, design considerations that were a decade away from being taken seriously in cryptography when PGP was first designed. Today, we know better than to use PGP. |
Didn't mean to paint myself as an expert; hopefully I made clear I am a user of EncFS and don't really dive into its internals. The only reason why I'm particular to using GPG over other tools is during the snowden revelations the leaked NSA files mentioned GPG gave them trouble. So as an encryption layman I tend to lend it some trust from that real world breach of information. I don't have any scientific reasoning as to why anyone should use anything so I probably shouldn't have suggested any alternatives; I was trying to be helpful but it could lead others down the wrong path in this case. |
Hi,
Of course I think I'm not the only one to widely use encfs, which is a very nice and useful product.
I then think that many of us would really be happy to see the encfs development start again, at least to correct the well known security issues.
@vgough, may I then ask you, do you have some plans regarding this ?
@rfjakob, perhaps you also have some plans ?
Here is the list of important security issues :
Related improvement ?
Interesting improvements :
I pushed some PR in the past few weeks to correct some issues, to improve error checking, to add some new options... but not sure I'll be able to handle the above few points.
Many thanks for your feedback 👍
Ben
The text was updated successfully, but these errors were encountered: