EncFs insecure, what to use now

security encryption cloud dropbox encfs
37,708

Solution 1

In 2019, CryFS and gocryptfs are the best candidates in my opinion. Both were designed for the Cloud, are actively developed, and have no known security issues.

Their design differs, which has pros and cons:

CryFs hides meta-data (e.g., file sizes, directory structures), which is a nice property. To achieve it, CryFs stores all files and directory information in fixed size blocks, which comes with a performance cost.

In contrast, gocrytfs is closer to the design of EncFs (for each plain text file, there is one encrypted file). It is primarily concerned about the confidentiality of the file content and does not have such strong protection against leaking meta information. Like EncFs, it also supports reverse mode, which is useful for encrypted backups.

Overall, the design of CryFs has the edge in terms of confidentiality and tamper resistance. On the other hand, gocrypts has practical advantages (performance, support for reverse mode).

Both systems are relatively new. In terms of transparency, both are open source projects. gocryptfs had an independent security audit in 2017. CryFs did not have such an audit, but the design has been developed and proven in a master thesis and a paper has been published.

What about the others?

EncFS is discouraged because of the unresolved security issues. It is unsafe if the attacker gets access to previous versions of files (which will be the case when you store data on the Cloud). Also it leaks meta information like file sizes. There is a thread about the plans for version 2, but there are no signs that it will happen in the near future. The original EncFs developer has recommended gocryptfs.

eCryptfs has seen a lack of support recently. In Ubuntu, the installer no longer support ecryptfs encrypted /home directories. Instead they recommend full disk encryption based on LUKS. In addition, eCryptFs has been designed for local disks, not Cloud storage, so I would not recommend it.

VeraCrypt (successor of TrueCrypt) has a good reputation from a security standpoint, but it is not Cloud friendly, as everything is stored in one big file. That will make syncing slow. However, on a local filesystem, this is no concern, which makes it an excellent candidate there.

There is a nice comparison of all these tools on the CryFs homepage (looking at core features). Similarly, there is also an extensive comparison of those four plus cryptomator and securefs on the gocryptfs documentation (looking at technical specs, performance, compatibility etc.).

Solution 2

As I write this, there seem to be quite a few open source tools similar to encfs (but more "modern" than encfs) that could be able to encrypt files in a "cloud friendly" way (i.e. providing per-file encryption, keeping modification times, and so on).

Most of them are fine if you are using only Ubuntu or any other Linux system (ecryptfs seems good), but things become difficult if you require interoperability with other OSes and mobile devices, as most of us is expecting nowadays.

Just to name a few:

  • Cryptomator seems to be the only one that works "everywhere", from any GNU/Linux OS to Android. There's even a PPA for Ubuntu and binaries for several other distros and OSes.
  • ecryptfs works only on GNU/Linux systems (like Ubuntu, but also ChromeOS), and it's nice if you won't need to access your files from non-Linux OSes, but people say there may be some problems with cloud sync tools.
  • CryFS it's a young solution, works only on Linux for now, but there are plans to port it to MacOS and Windows as well. Maybe it worths some attention in the future.

You may find also interesting this comparison of tools from the CryFS website.

Solution 3

The conclusion in the link sums it up:

  1. Conclusion

In conclusion, while EncFS is a useful tool, it ignores many standard best-practices in cryptography. This is most likely due to it's old age (originally developed before 2005), however, it is still being used today, and needs to be updated.

The EncFS author says that a 2.0 version is being developed 1. This would be a good time to fix the old problems.

EncFS is probably safe as long as the adversary only gets one copy of the ciphertext and nothing more. EncFS is not safe if the adversary has the opportunity to see two or more snapshots of the ciphertext at different times. EncFS attempts to protect files from malicious modification, but there are serious problems with this feature.

So the question you need to answer: How likely is it that an attacker can get hold of the ciphertext?

But that audit is from 2014 and was done on v1.7. v1.8 already fixes some of the issues mentioned in the audit:

The first EncFS 1.8 release candidate fixes two of the potential vulnerabilities mentioned in the security audit and brings a few other improvements:

  • improve automatic test converage: also test reverse mode (make test)
  • add per-file IVs based on the inode number to reverse mode to improve security
  • add automatic benchmark (make benchmark)
  • compare MAC in constant time
  • add --nocache option

v1.8 came out in 2014 too.

From the project page:

Status

Over the last 10 years, a number of good alternatives have grown up. Computing power has increased to the point where it is reasonable to encrypt the entire filesystem of personal computers (and even mobile phones!). On Linux, ecryptfs provides a nice dynamically mountable encrypted home directory, and is well integrated in distributions I use, such as Ubuntu.

EncFS has been dormant for a while. I've started cleaning up in order to try and provide a better base for a version 2, but whether EncFS flowers again depends upon community interest. In order to make it easier for anyone to contribute, it is moving a new home on Github. So if you're interested in EncFS, please dive in!

That is from 2013... I would consider the project dead if that was the latest news.

But it does list ecryptfs as an alternative for Ubuntu so have a look at that.

Solution 4

gocryptfs is a new alternative. Performance comparisons are available. The encfs developer speaks positively about it.

Solution 5

Encfs is invaluable because of its reverse feature. This instantly makes off-site, semi-secure incremental backups possible, with no additional disk space cost.

Truecrypt doens't have this, nor Veracrypt, nor ecryptfs.

While encfs 2.0 is being worked on, check out CryFS, which isn't 1.0 yet. Another possibility is fuseflt which lets you create filtered views of directories (e.g. an encrypted view using flt_cmd = gpg --encrypt).

Share:
37,708

Related videos on Youtube

Sebastian
Author by

Sebastian

Updated on September 18, 2022

Comments

  • Sebastian
    Sebastian over 1 year

    I love encfs as it provides file-based encrypting which is quite useful when it comes to cloud storage. But it looks like that especially for this use case, encfs is considered to be insecure. I'm aware that encfs 2 is in development but how to deal with it in the meantime? Are there any alternatives that integrate well in ubuntu?

    Edit: The security issue I mostly refer to is this one. It is still present in version 1.8 and makes your files vulnerable if someone get's multiple versions of your encrypted files. If one is worried about services like Dropbox are not that thrustworthy and encrypts folders uploaded into the cloud because of that, the opportunity that the attacker (the service) gets more than one copy of the cyphertext is absolutely given.

    enter image description here

    • Rinzwind
      Rinzwind over 7 years
      Don't you think your question is a bit late? That audit you link to is from 2014 and the software had 2 updates after that where the 1st solved some of the issues mentioned in the audit. Nevertheless: see the last sentence in my answer : encryptfs is the current default.
    • Sebastian
      Sebastian over 7 years
      As the problem with mutliple versions of a file makes it vulnerable is still given: No.
    • anthony
      anthony over 5 years
      With regards to the included warning text image above, where the storage system owners modify the configuration to simplify the security without the data owners knowledged... This is one reason why I do not believe in actually storing the encfs config file with the actual data directory, but storing it separately to the actual encrypted data. See "Remove the encfs config files from data directory" in my notes... ict.griffith.edu.au/anthony/info/crypto/encfs.txt
  • Sebastian
    Sebastian over 7 years
    Thank you for the detailed answer. But afaik ecryptfs is not usable for securing data in the cloud.
  • Rubi Shnol
    Rubi Shnol about 6 years
    Cryptomator is unusable since extreeeeeemly slow. ecryptfs is not appropriate for clouds. CryFS has been beta for almost 3 yrs. So, these aren't really alternatives
  • finefoot
    finefoot almost 5 years
    "So the question you need to answer: How likely is it that an attacker can get hold of the ciphertext?" I mean, the main issue is that as soon as an attacker has access to my Cloud service account like Dropbox they automatically have access to multiple saved snapshots. And that's where EncFS becomes insecure.
  • finefoot
    finefoot almost 5 years
    I don't know how valuable a feature of an encryption software really can be, if the software is not secure...?
  • leggewie
    leggewie about 4 years
    My personal favorite for securely storing information in the cloud is CryFS. The comparison convinved me. Both CryFS and gocryptfs are available as official Debian and Ubuntu packages.
  • Boris Brodski
    Boris Brodski over 3 years
    No software is 100% secure. It's always a trade-off.
  • Greg Bell
    Greg Bell over 3 years
    Between what and what @BorisBrodski?
  • Boris Brodski
    Boris Brodski over 3 years
    @GregBell between security and effort/usability. You can be more or less paranoid: The effort to hack your encrypted data is depending on the effort you put to secure it. On the other hand, "too secure" means less usable (more effort to access your data). Are you going to build an additional demilitarized zone at home in order to protect your laptops/PCs from attacks from the internet? Or are you ready to never attach your laptop to the internet? All that will gain you higher and higher levels of security, that a normal person don't actually need. So it's always a trade-off :)
  • Greg Bell
    Greg Bell over 3 years
    @BorisBrodski That's just one of the impacts on security. Bugs and poor design would be other causes. If an implementation doubles the size of the keys, security is improved, but usability isn't impacted.
  • Yushin Washio
    Yushin Washio about 3 years
    @RubiShnol To back your statement on bad performance of cryptomator, one can look at the benchmark (Linux) done by gocryptfs which indeed shows an extreme gap to the competitors (read 29 MiB/s, write 15 MiB/s while both ecryptfs and encfs achieve above 100 MiB/s in read and write) nuetzlich.net/gocryptfs/comparison
  • Tim Diels
    Tim Diels almost 3 years
    CryFS (0.10.*) can become corrupted if it gets interrupted while it's writing. E.g. the process gets killed, runs out of disk space or due to power loss. The CryFS comparison mentions "The current version is not considered stable yet by the developers and if you decide to use it, regular backups are strongly recommended".
  • Tim Diels
    Tim Diels almost 3 years
    To be clear, they imply this will get fixed in v1.
  • Tim Diels
    Tim Diels almost 3 years
    gocryptfs man page mentions that when using --noprealloc (required on btrfs), when running out of space during a write, the last 4 KB written will be corrupt. I guess this would also happen if power is lost or the process gets killed.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How can I encrypt data in cloud storage services like Dropbox?
Dropbox: How to password protect files and folders and maintain accessibility?
Locally encrypt Dropbox folder
Check if Android filesystem is encrypted
What is the best way to encrypt files in AES-256 with PHP?
Nodejs createCipher vs createCipheriv
How do I integrate HSM encryption with JAVA?
How to store private encrypted user data in the database, but make them available to other chosen users?
Password hashing (non-SSL)
How to hash a password with SHA512