3

I'd like to use EncFS to encrypt files synced with Dropbox. Unfortunately, its Wikipedia page https://en.wikipedia.org/wiki/EncFS mentions security concerns from an audit of version 1.7:

EncFS is not safe if the adversary has the opportunity to see two or more snapshots of the ciphertext at different times.

Someone with access to my Dropbox account will have exactly that: Dropbox stores multiple previous versions of a file after it's been modified, which is exactly "two or more snapshots of the ciphertext at different times".

In 2015, this was confirmed, for example in this question: Is ENCFS secure for encrypting Dropbox?


Regarding version 1.8, Wikipedia states:

The announcement of EncFS 1.8 included several underlying design changes, acknowledging the security concerns raised in the previous audit. However, certain concerns still remain regarding those vulnerabilities.

Which concerns do remain? Is the issue regarding Dropbox fixed?

Also, according to https://github.com/vgough/encfs/releases the most recent version is now 1.9.5.

Is it still not advisable to use those recent versions of EncFS to encrypt Dropbox? Does the issue with "two or more snapshots of the ciphertext at different times" still exist?

finefoot

1 Answer

2

This depends on who you are trying to secure it against. The most common scenario is that you want to prevent identity theft and/or keep information secret from your roommate or a relative.

An identity thief will not be spending hours of his time cracking the files of one individual, considering the slim chances of success and the questionable outcome. That's way too much effort for them. Unless you are a multimillionaire, which I doubt considering you are here :)

As long as your relatives are not security researchers, they shouldn't be an issue.

However, if you are a person of interest for the FBI / NSA / CIA etc., then I'd recommend solutions that provide plausible deniability in conjunction with a good lawyer :D

oᴉɹǝɥɔ