5

If I choose the paranoia option for EncFS and for TrueCrypt I create containers using the encryption algorithm AES-Twofish-Serpent and the Hash Algorithm Whirlpool. Are both methods equally secure, or is 1 method more secure than the other?

As based on https://defuse.ca/audits/encfs.htm, EncFS seems to have some issues.

If I am right to assume that TrueCrypt with those settings is more secure than EncFS with the paranoia option, is it possible to make EncFS as secure if not more secure than TrueCrypt?

Ignore the second part if both EncFS and TrueCrypt are equality secure.

oshirowanen
  • 705
  • 3
  • 10
  • 21

2 Answers2

3

When we're talking about security, we're talking about security of the data. In this case it's really not just the encryption algorithms that need considering but the implementation of it and the software used.

There are examples of when poorly implemented crypto technology meant that significant information could be gained about the data 'encrypted' or even the original data itself. The main example is usually SSL where no certificate validation is performed, meaning breaking it is a simple matter of intercepting certificate exchange and injecting your own.

What you need to ask yourself is how well vetted the software implementing the encryption is. Arguably TrueCrypt is the more mature solution, as well as currenlty undergoing a public auditing sponsored by some big infosec companies: http://istruecryptauditedyet.com . These audits are performed because you really don't know if anywhere along the encryption implementation has a weak-point. It only takes a single chink in the chain to expose sensitive data.

For this reason, I'd side with TrueCrypt being 'more secure' than EncFS - but the reality is they could be both just as secure. Without reviewing the source code, which is a big task, you can't always tell.

deed02392
  • 4,038
  • 1
  • 18
  • 20
0

My option is that it doesn't depend much on what tool you use. If the encryption is secure and still there aren't any vulnerabilities in it also your password must be long and hard to crack, you shouldn't have any problems.

guest
  • 1