Do you use EncFS? Is it "ready" or abandoned?

Message

Website · Post by **Zucca** » Fri May 24, 2024 12:36 pm

To avoid derailing "encrypting a single directory?" I decided to open up this thread.

As the topic says, do you still use it?

Code: Select all

Keywords for sys-fs/encfs:
                |                               |   u   |  
                | a   a     p s     l r   a     |   n   |  
                | m   r h   p p   i o i s l m m | e u s | r
                | d a m p p c a x a o s 3 p 6 i | a s l | e
                | 6 r 6 p p 6 r 8 6 n c 9 h 8 p | p e o | p
                | 4 m 4 a c 4 c 6 4 g v 0 a k s | i d t | o
----------------+-------------------------------+-------+-------
       1.9.5-r2 | + + o o o ~ ~ + o o o o o o o | 8 # 0 | gentoo
1.9.6_alpha0    | + + o o o ~ ~ + o o o o o o o | 8 o   | mv

It's still on ::gentoo. And ::mv has a bit newer version. Looking at the git repo, the last commit is from four years ago.

I wonder if it's safe to use?

It would be nice to mount some directory somewhere as encrypted, then sync the encrypted files into some off-site backup.

Thoughts on this? Anything else that comes into mind? Anternatives (preferably ones that are simple, transparent and fs agnostic)?

szatox · Post by **szatox** » Fri May 24, 2024 1:46 pm

I never used it. However: just because it's not actively developed doesn't mean it's broken.
According to its manual it uses AES, so this this objective should be met 4 years ago, now, and also 20 years to the future unless there is a breakthrough in research regarding cryptography.

The primary goal of EncFS is to protect data off-line. That is, provide a convenient way of storing files in a way that will frustrate any attempt to read them if the files are later intercepted.

I have some files older than 4 years.

Website · Post by **Zucca** » Fri May 24, 2024 2:46 pm

Yeah.
So I guess if the libraries it uses (mainly the AES library) is kept up to date, then I should be ok.
Just need to make sure those libs are dynamically loaded, rather than statically compiled in... This is pretty good example of the benefit of dynamic libs, I guess.

I'll start experimenting when I have more time to focus on this.

szatox · Post by **szatox** » Fri May 24, 2024 3:03 pm

So I guess if the libraries it uses (mainly the AES library) is kept up to date, then I should be ok.

Doesn't even matter, as long as it's actually AES. (or any other _working_ cipher).
Data at rest doesn't change just because there were some updates to the code, and I'm not too concerned with side-channel attacks on the encryption process itself, because pulling it off is probably more difficult than just getting my machine to decrypt my files for you.

If you could exploit some bug remotely, that would be an issue. But this particular application doesn't look easily exploitable, even if it does have some bugs.
Basically, the only real consideration (in terms of no new updates) is "is it usable" and "will it break after you update something else making you unable to recover your files". Which can be mitigated with an OS backup.
So... Is it usable?

carcajou · Post by **carcajou** » Sat May 25, 2024 6:03 am

I am not familiar with encfs, but there is also sys-fs/cryfs. AFAIK it is used as backend for Plasma vaults. I did not have any issues with it in the last ~4 years.

kurisu · Post by **kurisu** » Wed May 29, 2024 10:38 am

I'm still using encfs, but would like to migrate to cryfs if it finally gets bumped to the lastest version.

See https://bugs.gentoo.org/820257

Website · Post by **Zucca** » Wed May 29, 2024 5:48 pm

Can CryFS used in the same way as EncFS?
I feel it doesn't work the same way from the users perspective.

Post by **Juippisi** » Thu May 30, 2024 3:52 am

Heh, that's a blast from the past. I remember using encfs ~20 years ago. Nowadays I'm on zfs native encryption / luks due to simplicity.

Website · Post by **Zucca** » Thu May 30, 2024 7:56 am

My goal is (eventually) be able to mount any non-encrypted directory to an another place where the contents are identical but encrypted so I can then simply upload the encrypted directory to somewhere on the net.
So I'm not interested on on-disk encryption in this case.

kurisu · Post by **kurisu** » Thu Jul 11, 2024 8:24 pm

cryfs-0.11.4 is now stable and should meet your requirements.

I'm going to migrate my cloud from encfs to cryfs soon.

kurisu · Post by **kurisu** » Thu Jul 25, 2024 5:04 pm

Sadly cryfs' performance is far too bad to be a replacement for encfs when it comes to huge amounts of data. See eg. https://github.com/cryfs/cryfs/issues/297

Maybe gocryptfs will be an alternative.

tlhonmey · Post by **tlhonmey** » Thu Jul 17, 2025 4:41 pm

For anyone finding this discussion, note that one of the major listed reasons for the discontinuing of encfs is specifically that the encryption scheme is vulnerable to cases where an attacker can get access to multiple versions of a file and compare them.

Which would include the common case of using encfs for securing cloud backups.

It will still keep out the common riff-raff who are looking for easy pickings, but it's vulnerable to a determined attacker. You probably want one of the alternatives for backup encryption.

pcmaster · Post by **pcmaster** » Sat Nov 22, 2025 8:09 am

I migrated my encrypted directories to gocrypyfs.