64-bit Initialization Vectors #16
Comments
Interesting article, but I am not sure it applies here, as encfs uses a
128-block cipher (aes) with a 64 bit initialization vector.
Birthday collisions on a 64-bit input will happen after 2^32 outputs (50% probability). Try encrypting a terabyte with EncFS and see if you get an IV collision.
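The birthday estimate raised in the comment above, worked through as an added example (not part of the original thread and not EncFS code). It assumes IVs behave as uniformly random values; the function names are illustrative.

```python
import math
import random


def collision_probability(n_ivs: int, iv_bits: int) -> float:
    """Birthday approximation: P(at least one repeated IV) among n_ivs
    uniformly random IVs of iv_bits bits (assumed model)."""
    # 1 - exp(-n(n-1) / 2^(bits+1)); expm1 keeps precision for tiny results.
    return -math.expm1(-n_ivs * (n_ivs - 1) / 2.0 ** (iv_bits + 1))


def ivs_for_probability(p: float, iv_bits: int) -> float:
    """Number of random IVs at which the collision probability reaches p."""
    return math.sqrt(-2.0 * math.log1p(-p) * 2.0 ** iv_bits)


def simulate(iv_bits: int, n_ivs: int, trials: int, seed: int = 1) -> float:
    """Empirical collision rate for an IV size small enough to test directly."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        seen = set()
        for _ in range(n_ivs):
            iv = rng.getrandbits(iv_bits)
            if iv in seen:  # same IV drawn twice within one trial
                hits += 1
                break
            seen.add(iv)
    return hits / trials


if __name__ == "__main__":
    # Sanity check of the formula on a scaled-down IV (16 bits, 2^8 draws).
    print("16-bit IV, 2^8 draws: formula %.3f, simulated %.3f"
          % (collision_probability(2 ** 8, 16), simulate(16, 2 ** 8, 2000)))
    # The sizes discussed in this issue.
    for bits in (64, 128):
        print("%3d-bit IV, 2^32 IVs: P(collision) = %.3g"
              % (bits, collision_probability(2 ** 32, bits)))
    print("64-bit IV reaches 50%% after %.3g IVs"
          % ivs_for_probability(0.5, 64))
```

Under this model, the same 2^32 IVs that give a substantial collision chance at 64 bits give a negligible one at 128 bits.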
Configuration file already contains:
Do you think we can safely use an I'm afraid 128-bit values could not be supported on 32-bit systems; this is at least the case on Cygwin 32-bit (g++/gcc 6.4.0), where the following test fails:
Some googling seems to confirm that. uint128 is not available everywhere. We should rather use 2 x uint64 or 16 x uint8 I believe.
So I think we would have to declare a new
From the latest audit (https://defuse.ca/audits/encfs.htm):

> EncFS is probably safe as long as the adversary only gets one copy of
> the ciphertext and nothing more. EncFS is not safe if the adversary has
> the opportunity to see two or more snapshots of the ciphertext at
> different times. EncFS attempts to protect files from malicious
> modification, but there are serious problems with this feature.

vgough/encfs#8 vgough/encfs#9 (critical) vgough/encfs#10 vgough/encfs#11 vgough/encfs#13 vgough/encfs#16 vgough/encfs#17
From: https://defuse.ca/audits/encfs.htm
Initialization vectors are only 64 bits, even when using AES instead of Blowfish. This may lead to vulnerabilities when encrypting large (or lots of) files.