Does ecryptfs encrypt the contents of each file or just the directory tree?

2

I recently had a hard drive crash and it seems it has corrupted the ecryptfs files (and ofc some others nearby). I wanted to know if I can still recover the content, as I saw that there were actually some files in the .Private directory.

user725791

Posted 2017-05-07T19:34:37.497

Reputation: 21

4 Ecryptfs is not full disk encryption. It just encrypts the individual files. – Ramhound – 2017-05-07T20:27:47.453

@Ramhound Yes I read about that but does it really encrypt the file or just the pointer to that file aka the inode? – user725791 – 2017-05-07T20:32:56.880

It encrypts the file. Attempt to open the file; it will be encrypted. – Ramhound – 2017-05-07T20:36:38.470

@Ramhound ok thanks. I tried to but I'm not sure whether it really was encrypted or just was an executable file. So if I were to image the disk I would still not read those encrypted files. – user725791 – 2017-05-07T20:38:18.553

Why don't you open a file you know isn't an application? – Ramhound – 2017-05-07T20:41:24.843

1 @Ramhound that's because my whole Home folder is encrypted and I'm from a Live USB stick and all the folders inside home directory have cryptic names. IDK which is which. – user725791 – 2017-05-07T20:43:39.903

FYI, I wrote a utility, ecryptfs-recover-private, that helps recover Ubuntu encrypted home directories: http://blog.dustinkirkland.com/2011/04/introducing-ecryptfs-recover-private.html Full disclosure: I'm one of the authors and maintainers of eCryptfs.

– Dustin Kirkland – 2017-05-08T16:04:24.027

Answers

1

Yes, ecryptfs encrypts the individual files (typically using AES encryption if I recall). The data is encrypted at rest.

That said, there are significant limitations to slightly older (think 2015 and earlier) implementations, particularly CVE-2014-9687 among others - making it better than nothing, but not in the same league as LUKS full disk encryption. (Generally this package has a less-than-stellar security record, but it's certainly better than nothing, and useful when you need to sync at a file - just don't forget to back up the .encfs? file as well.)

davidgo

Posted 2017-05-07T19:34:37.497

Reputation: 49 152

Less than stellar? Perhaps you're confusing eCryptfs with encfs (since, later in your response, you talk about .encfs, rather than .ecryptfs). Full disclosure: I'm one of the authors and maintainers of eCryptfs. – Dustin Kirkland – 2017-05-08T16:03:07.847

You are probably right, but when I researched full disk vs file encryption all (Linux) file encryption options came up wanting. I have a vague recollection it had to do with a weakened encryption when your adversary had at least 2 copies of your data with some changes, allowing drastic reduction of key space. – davidgo – 2017-05-08T20:32:43.010
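
An added example (not from the posts above and not eCryptfs project code) for the "which is which" problem when looking at .Private from a live USB: it checks each lower file for the eCryptfs header marker and for an encrypted filename, without needing any key. It assumes the default layout where the metadata header sits in the file itself (8-byte plaintext size, then an 8-byte marker); the sample files and the names `classify_lower_file`, `survey` and `build_sample` are constructed for illustration.

```python
import os
import struct
import tempfile

MAGIC_ECRYPTFS_MARKER = 0x3C81B7F5          # constant from the eCryptfs kernel source
FNEK_PREFIX = "ECRYPTFS_FNEK_ENCRYPTED."    # prefix of encrypted lower filenames


def classify_lower_file(path):
    """Return 'ecryptfs', 'truncated' or 'not-ecryptfs' for one lower file."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    if len(head) < 16:
        return "truncated"
    # Bytes 0-7: plaintext size; bytes 8-15: marker m1||m2, valid if m1 ^ MAGIC == m2.
    _size, m1, m2 = struct.unpack(">QII", head)
    return "ecryptfs" if (m1 ^ MAGIC_ECRYPTFS_MARKER) == m2 else "not-ecryptfs"


def survey(lower_dir):
    """Walk a lower directory; map relative path -> (header status, name encrypted?)."""
    report = {}
    for root, _dirs, files in os.walk(lower_dir):
        for name in files:
            path = os.path.join(root, name)
            report[os.path.relpath(path, lower_dir)] = (
                classify_lower_file(path), name.startswith(FNEK_PREFIX))
    return report


def build_sample(directory):  # constructed sample data: fake headers, no real ciphertext
    m1 = 0x11223344
    good = struct.pack(">QII", 4096, m1, m1 ^ MAGIC_ECRYPTFS_MARKER) + b"\0" * 8176
    samples = {
        FNEK_PREFIX + "constructedNameA": good,
        FNEK_PREFIX + "constructedNameB": b"\0" * 8192,   # header zeroed by damage
        "notes.txt": b"plain text, never passed through eCryptfs\n",
        FNEK_PREFIX + "constructedNameC": good[:10],       # cut off mid-header
    }
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, (status, enc_name) in sorted(survey(tmp).items()):
            print(f"{status:13} name_encrypted={enc_name}  {rel}")
```

A valid marker only shows that the header survived the crash; whether the remaining extents decrypt still has to be checked by mounting the directory read-only with the passphrase.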