Perfect forward secrecy...


(Chocolate Cravings) #21

This looks pretty sad though: https://defuse.ca/downloads/audits/gocryptfs-cryptography-design-audit.pdf


(Stefan Tatschner) #22

the audit is a bit poor IMO:

With the current design, users MUST ensure that no attacker can modify the ciphertext and read from some part of the mounted filesystem, otherwise there will be a catastrophic security failure. Users must also be aware that gocryptfs provides imperfect integrity protections against less-powerful kinds of adversaries, and that those imperfections might lead to confidentiality leaks when certain applications are run on top of a gocryptfs filesystem.

That is part of the design that you mount your encrypted directory somewhere in plaintext. that does not make any sense for me; you cannot argue that your encrypted harddisk ist mounted in plaintext and programs can read the data.

But that is offtopic here.The gocryptfs guys have some place to discuss this.


(Chocolate Cravings) #23

The assumption is that an attacker can both access your encrypted files and parts of your plaintext files. For example, assume that you also have your personal website synced. Then it is possible for the attacker to move encrypted files to the encrypted folder for your website and grab it from the actually mounted folder.

This seems to be the corresponding issue: https://github.com/rfjakob/gocryptfs/issues/90


(Stefan Tatschner) #24

That’s offtopic here. Sry for me introducing this.


(Chocolate Cravings) #25

Only a little. :wink:

After all your suggestion of using a separate product for my purpose is perfectly valid.