EncFS is a FUSE-based cryptographic filesystem which encrypts individual files. As some of you might know, an EncFS security audit that was conducted in February 2014, revealed some potential vulnerabilities:
EncFS is probably safe as long as the adversary only gets one copy of the ciphertext and nothing more. EncFS is not safe if the adversary has the opportunity to see two or more snapshots of the ciphertext at different times. EncFS attempts to protect files from malicious modification, but there are serious problems with this feature.
And that's understandable since the last stable EncFS version was released back in December 2011. But that also means that the tool needs an update badly and a first step in this direction was made recently, with the release of EncFS 1.8 RC1.
The first EncFS 1.8 release candidate fixes two of the potential vulnerabilities mentioned in the security audit and brings a few other improvements:
- improve automatic test converage: also test reverse mode (make test)
- add per-file IVs based on the inode number to reverse mode to improve security
- add automatic benchmark (make benchmark)
- compare MAC in constant time
- add --nocache option
- lots of fixes to make building on OSX easier
Unfortunately, EncFS 1.8 RC1 doesn't fix all the potential vulnerabilities, but more should come with future release candidates - see the EncFS GitHub issues page for more information.
More information on EncFS:
The tool is especially useful to encrypt private files before syncing them with various cloud storage services such as Dropbox (without encrypting the whole cloud storage folder):
Note: EncFS doesn't come with a GUI, the tool in the screenshot above is called GNOME EncFS Manager.
Build EncFS 1.8 RC1 in Ubuntu or Linux Mint
As I said above, there are still some potential vulnerabilities so you may want to wait until all are fixed. But if you want to install the latest EncFS 1.8 RC1 anyway, here's how to build it under Ubuntu or Linux Mint.
1. Enable source code repositories:
- in Ubuntu: enable "Source code" in Software & Updates (Ubuntu Software tab), then run "sudo apt-get update";
- in Linux Mint: under Software Sources, check the box next to "Enable source code repositories" (Official Repositories tab), then run "sudo apt-get update".
2. Download the latest EncFS and extract it.
3. In the extracted EncFS directory, run the following commands to build EncFS:
sudo apt-get build-dep encfs autoreconf -if ./configure --prefix=/usr --with-boost-libdir=/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH) make
4. Install EncFS 1.8 RC1
Now you can either install it directly or create a deb (using checkinstall) and install that, so it's easier to remove / upgrade.
To create an EncFS 1.8 deb and install it, use the following commands (in the EncFS 1.8 folder):
sudo apt-get install checkinstall sudo checkinstall
And follow the steps. Important: when prompted, change the package name from "encfs-1.8" to just "encfs" and the version from "rc1" to "1.8~rc1".
Or, to install it directly, simply use (in the EncFS 1.8 folder):
sudo make install