How safe is it to store the encfs key in Dropbox, YandexDisk, etc?

Y

Ywka2014-01-17 20:25:47

Information Security

Ywka, 2014-01-17 20:25:47

Good day.
From the description of EncFS on Wikipedia:

Files are encrypted using a key, which in turn is stored in the same directory as the encrypted files, in encrypted form. The password entered by the user from the keyboard is used to decrypt this key.

The encrypted folder is in the cloud. Let's say Anonymus took possession of the key. Is it possible to magically get the password and decrypt the files?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

P

Poncho, 2014-01-17
@Ywka

You can store the .encfs6.xml configuration file on a local drive, for example, and mount the repository like this:
If this option is excluded, you can make it more difficult for an attacker to analyze the data by using the --anykey option, when you can store an unlimited number of files (sets of files) in one encfs directory, each of which is encrypted with a unique password.
And so, encfs has enough vulnerabilities without the weakness of your passphrase. Here are the results of the latest security audit: www.opennet.ru/opennews/art.shtml?num=38869

J

jcmvbkbc, 2014-01-17
@jcmvbkbc

If your password has less entropy than the key, guessing the password will get you to your data faster.
Your K.O.