Userspace Filesystem Encryption with EncFS
Subject:   not so easy
Date:   2005-04-17 06:57:23
From:   vgough
Response to: Comparison to loop-aes?

Encfs will use either Blowfish or AES from the OpenSSL library, with key lengths from 128 bits to 256 bits.

The kind of attack you are talking about (files having known headers) is a type of "known-plaintext" attack. However, you drastically overestimate the efficiency of such an attack. Even if your drive was so big that it contained every byte of data in the world, and the attacker had both the plaintext and encrypted versions, there is still no published way to get the AES key given that data. So having some images and spreadsheets around isn't going to be enough by a long shot.

You might be thinking of a known-plaintext attack against the kernel loopback system not so long ago, which I believe was really a dictionary attack. Because of the way the loopback driver had encrypted the data, it was possible to pre-compute the encrypted data that would result for particular passwords. So an attacker could create a big dictionary of pre-computed encrypted data and simply test against some known bytes on the drive to see if one of those passwords was in use. Encfs does not allow this, as two different encfs filesystems will always have different encrypted data - even if the same data is stored in each, and the same password was used when the filesystem was created.

By far the most cost-effective attack would be to bug your computer or keyboard. That attack would cost less than trying to break AES, and work equally well with loop-aes or encfs.
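Added example (not part of the post above and not EncFS or loopback-driver code): a sketch of why a pre-computed ciphertext dictionary works when data is encrypted directly under a password-derived key, and why it finds nothing when each filesystem has its own random key. The HMAC keystream is a toy stand-in for AES so the block runs with the standard library alone, and the wrapped random volume key is an assumed design for illustration; all names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # constructed known-plaintext sample (file header)

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for AES: XOR with an HMAC-SHA256 counter keystream.
    Encrypting twice with the same key decrypts. Illustration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def password_key(password: str) -> bytes:
    # Deterministic derivation: the same password yields the same key everywhere.
    return hashlib.sha256(password.encode()).digest()

def direct_encrypt(password: str, data: bytes) -> bytes:
    # Design A: data is encrypted straight under the password-derived key.
    return stream_xor(password_key(password), data)

def create_volume(password: str) -> dict:
    # Design B (assumed): a random volume key, stored wrapped under the password key.
    volume_key = secrets.token_bytes(32)
    return {"wrapped_key": stream_xor(password_key(password), volume_key)}

def volume_encrypt(volume: dict, password: str, data: bytes) -> bytes:
    volume_key = stream_xor(password_key(password), volume["wrapped_key"])
    return stream_xor(volume_key, data)

def precomputed_table(candidates, known_plaintext: bytes) -> dict:
    # Ciphertext -> password map, computed once without seeing any target drive.
    return {direct_encrypt(p, known_plaintext): p for p in candidates}

def compare_designs(password: str, candidates) -> dict:
    table = precomputed_table(candidates, PNG_MAGIC)
    vol_a, vol_b = create_volume(password), create_volume(password)
    ct_a = volume_encrypt(vol_a, password, PNG_MAGIC)
    ct_b = volume_encrypt(vol_b, password, PNG_MAGIC)
    return {
        "direct_hit": table.get(direct_encrypt(password, PNG_MAGIC)),
        "volume_hit": table.get(ct_a),
        "volumes_differ": ct_a != ct_b,
    }

if __name__ == "__main__":
    print(compare_designs("hunter2", ["letmein", "hunter2", "password"]))
```

The random volume key removes the reusable table, not the need for a strong password: a weak password can still be guessed against one volume's wrapped key, one volume at a time.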
