Cryfs Vs Encfs Vs Gocryptfs

[Ortiz Ullery]

Ilove encfs as it provides file-based encrypting which is quite useful when it comes to cloud storage. But it looks like that especially for this use case, encfs is considered to be insecure. I'm aware that encfs 2 is in development but how to deal with it in the meantime? Are there any alternatives that integrate well in ubuntu?

Edit: The security issue I mostly refer to is this one. It is still present in version 1.8 and makes your files vulnerable if someone get's multiple versions of your encrypted files. If one is worried about services like Dropbox are not that thrustworthy and encrypts folders uploaded into the cloud because of that, the opportunity that the attacker (the service) gets more than one copy of the cyphertext is absolutely given.

CryFs hides meta-data (e.g., file sizes, directory structures), which is a nice property. To achieve it, CryFs stores all files and directory information in fixed size blocks, which comes with a performance cost.

In contrast, gocrytfs is closer to the design of EncFs (for each plain text file, there is one encrypted file). It is primarily concerned about the confidentiality of the file content and does not have such strong protection against leaking meta information. Like EncFs, it also supports reverse mode, which is useful for encrypted backups.

Both systems are relatively new. In terms of transparency, both are open source projects. gocryptfs had an independent security audit in 2017. CryFs did not have such an audit, but the design has been developed and proven in a master thesis and a paper has been published.

EncFS is discouraged because of the unresolved security issues. It is unsafe if the attacker gets access to previous versions of files (which will be the case when you store data on the Cloud). Also it leaks meta information like file sizes. There is a thread about the plans for version 2, but there are no signs that it will happen in the near future. The original EncFs developer has recommended gocryptfs.

eCryptfs has seen a lack of support recently. In Ubuntu, the installer no longer support ecryptfs encrypted /home directories. Instead they recommend full disk encryption based on LUKS. In addition, eCryptFs has been designed for local disks, not Cloud storage, so I would not recommend it.

VeraCrypt (successor of TrueCrypt) has a good reputation from a security standpoint, but it is not Cloud friendly, as everything is stored in one big file. That will make syncing slow. However, on a local filesystem, this is no concern, which makes it an excellent candidate there.

There is a nice comparison of all these tools on the CryFs homepage (looking at core features).Similarly, there is also an extensive comparison of those four plus cryptomator and securefs on the gocryptfs documentation (looking at technical specs, performance, compatibility etc.).

As I write this, there seem to be quite a few open source tools similar to encfs (but more "modern" than encfs) that could be able to encrypt files in a "cloud friendly" way (i.e. providing per-file encryption, keeping modification times, and so on).

Most of them are fine if you are using only Ubuntu or any other Linux system (ecryptfs seems good), but things become difficult if you require interoperability with other OSes and mobile devices, as most of us is expecting nowadays.

In conclusion, while EncFS is a useful tool, it ignores many standard best-practices in cryptography. This is most likely due to it's old age (originally developed before 2005), however, it is still being used today, and needs to be updated.

EncFS is probably safe as long as the adversary only gets one copy of the ciphertext and nothing more. EncFS is not safe if the adversary has the opportunity to see two or more snapshots of the ciphertext at different times. EncFS attempts to protect files from malicious modification, but there are serious problems with this feature.

Over the last 10 years, a number of good alternatives have grown up. Computing power has increased to the point where it is reasonable to encrypt the entire filesystem of personal computers (and even mobile phones!). On Linux, ecryptfs provides a nice dynamically mountable encrypted home directory, and is well integrated in distributions I use, such as Ubuntu.

EncFS has been dormant for a while. I've started cleaning up in order to try and provide a better base for a version 2, but whether EncFS flowers again depends upon community interest. In order to make it easier for anyone to contribute, it is moving a new home on Github. So if you're interested in EncFS, please dive in!

Having your data in the cloud can be very convenient. However, it can also be a risk.Data leaks are happening from time to time and you don't want to be the one who gets blackmailed or whose private pictures get public.You usually also don't want hackers to be able to modify your files and change your yearly earnings report (or whatever else you're storing in the cloud).Even if you trust the security measures of your cloud provider against hackers, its employees can still access your filesand its computer systems might use your files to create a personality profile to show you targeted advertising.

All these risks can be avoided when you encrypt your files before uploading them.You could add important files to a zip archive and set a password for example.However, that is complicated and you would have to zip/unzip the archive each time you want to access your files.

More convenient solutions offer the concept of a virtual filesystem.That is, you enter your password (which is called mounting the virtual filesystem) and then get a directoryon your computer where you can work with your files as if it was a normal directory.In reality, the directory is not stored to your harddrive, but all content is encrypted and only the encrypted data is stored and synchronized to the cloud.All this happens in the background and you don't notice it when working with your files, so it is very convenient.

There are some proprietary solutions on the market, but that means you don't know what the software is doing.Nobody can check it for vulnerabilities or backdoors.It might be secure, or it might just as well not be.The developers might have been approached by government organizations and have been forced to put backdoors into the software.Or maybe hackers found a way to smuggle bad code into the software and nobody noticed.In short: It's a bad idea to use proprietary cryptography software.For open source cryptography software, the source code is open. Everyone can see and check it.Vulnerabilities can be found and fixed, backdoors can be noticed.This is why we only describe open source solutions here.

VeraCrypt runs on Windows, Linux and Mac, and is believed to be a secure encryption tool to encrypt your files locally.It keeps your files confidential, but does not protect the integrity, i.e. a hacker can't read your files, but they could modify them without you noticing.Like all solutions presented here, it offers you a virtual filesystem and the unencrypted files are never actually stored on your hard disk.VeraCrypt then stores all filesystem data in one encrypted container file.If you want to use it to encrypt your Dropbox, you could put the encrypted container file in your Dropbox folderand it would get automatically synchronized to all devices connected to your Dropbox.If these devices are also running VeraCrypt, they will (after you entered your password) also offer you a directory where you can work on your files.

This is very convenient to use and it is secure. However, there is a problem with it.VeraCrypt is not designed to be used in the cloud and a container file can get very large.Actually, you have to choose a maximal size for your filesystem in advance andthe container file will have this size, no matter how much of the space you actually use.

Say now you have a large filesystem, i.e. a large container file.Everything is already uploaded to your cloud. Now you change a small file.In reality, this means that the large container file changes. Your cloud will notice that and might try to re-upload the whole container file,which can take a lot of time and will use a lot of internet bandwidth.Even if you're lucky and your cloud is intelligent enough to notice that only a small part of the container file changed,you will have a problem when you modify a file on another computer before synchronization finished.Both computers now made different changes to the container file at the same time.Because your cloud doesn't know about the VeraCrypt file format, it doesn't have a chance of merging these changesand will (in the best case) offer you two versions of your container file, i.e. you suddenly end up having two filesystemsand in each there is only one of the changes. Ugly.

Gocryptfs, like VeraCrypt, offers you a virtual filesystem, so the encryption is happeningin the background and doesn't interfere with your workflows.It doesn't support Windows (only Linux and Mac), but that might be enough for some users, and there is a third party client for Windows(cppcryptfs).As opposed to VeraCrypt, it doesn't store your files in one big container file, but encrypts your files individually.For each of your files, there is an encrypted version in your Dropbox.This solves the problem we described for VeraCrypt.

When you change a small file, only that small file has to be re-uploaded and when you modify different files on differentcomputers at the same time, they modify different encrypted files in the Dropbox and the Dropbox client is able tohandle that.However, that is also a disadvantage.Since there is an encrypted file for each of your files, a hacker can exactly see how many files you have, howlarge each file is and how they are structured into directories.This might not be a problem for some applications, but it can be a problem faster than you would think at first.Say they see that you have a lot of folders with about 20 files each and each file has about 3 megabyte,then they can say with fair certainty that you are storing a music CD collection there.Or say you store an illegal copy of a current Windows installation CD (not that we recommend that),the police could ask your cloud provider to hand over your encrypted files and they could analyze them.When the number of files, file sizes and directory structure match the CD, they know you're storing it.The same thing is also an issue for watermarking attacks, which we will not explain in detail here.There are alternatives to gocryptfs that are not vulnerable to these attacks and also hide your file sizes, metadata and directory structure.

3a8082e126