So the attacker will know basically all of the metadata about your files. MetadataĮncFS stores exactly one encrypted file per unencrypted file, and with the same sort of directory structure, the same modification times, and similar file sizes (and filename sizes). So here's what an attacker can do, and under what conditions they can do it. To make a well-reasoned choice, it helps to understand what trade-offs you're making. If your expectation is more vague and all-encompassing, like: "attackers will all be thwarted because the directory is encrypted," then this isn't the tool for you. This typically happens when the directory you're protecting is used in ways thought up by someone else, like the profile directory of a browser, the data storage of some automation pipeline, or the home directories for all the users in a company. More specifically, it works great when your expectation is something along the lines of: "an attacker cannot read my files."īut it doesn't do so hot when you start chaining more complex assumptions on top of it. This is basically a full re-write of the answer as of Feb 2020, with significantly more detail.ĮncFS is reliably safe under the kinds of circumstances and threat models that most casual users would expect to encounter, particularly with document-synchronization services like Dropbox.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |