Web lists-archives.com

Re: Looking for advice on tools (or libraries) for unsupervised, bulk symmetric encryption/decryption of files




On 13/01/2019 12.46, Celejar wrote:
On Fri, 11 Jan 2019 21:45:57 +0000
I believe that the most commonly used software for file level
encryption is EncFS. I haven't really used it much, and can't speak to
its long term stablity.

EncFS should not be used for any new file encryption project, IMHO.
There was the following report in 2014:
https://defuse.ca/audits/encfs.htm
This is referenced in the NEWS file in the EncFS package
https://salsa.debian.org/debian/encfs/blob/debian/sid/debian/NEWS

Both the report and the NEWS file are 5 years sold so I am not sure of
its current status but I'd want to seek positive assurance.

Huh - good to know. But I was wondering, along similar (but less
informed) lines, how good some of the other suggestions were, e.g.
ccrypt. I know very little about ccrypt, but has it even been
audited at all? Is it sufficiently widely used that any vulnerablities
or misimplementations of the sort discovered by the EncFS audit would
have been looked for or turned up?

Looking at encfs, gocryptfs showed up, which claims "This project was inspired by EncFS and strives to fix its security issues while providing good performance":
https://packages.debian.org/stretch/gocryptfs
https://github.com/rfjakob/gocryptfs

No personal experience (yet) of using it though.
--
John