From f377d34dffa4b74c4991883e7b03b18ec9aa0141 Mon Sep 17 00:00:00 2001 From: Sam Gleske Date: Fri, 25 Jul 2014 00:00:17 -0400 Subject: [PATCH 1/4] doc: encfs spelling and grammar corrections --- encfs/encfs.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/encfs/encfs.pod b/encfs/encfs.pod index d264b83..3136d2e 100644 --- a/encfs/encfs.pod +++ b/encfs/encfs.pod @@ -272,7 +272,7 @@ to decode filenames if desired. B is not a true filesystem. It does not deal with any of the actual storage or maintenance of files. It translates requests (encrypting or decrypting as necessary) and passes the requests through to the underlying -host filesystem. Therefor any limitations of the host filesystem will be +host filesystem. Therefore any limitations of the host filesystem will be inherited by B (or possibly be further limited). One such limitation is filename length. If your underlying filesystem limits @@ -328,7 +328,7 @@ in the keying function is selected based on wall clock time to generate the key. In standard mode, a target time of 0.5 seconds is used, and in paranoia mode a target of 3.0 seconds is used. -On a 1.6Ghz AMD 64 system, it rougly 64k iterations of the key derivation +On a 1.6Ghz AMD 64 system, roughly 64k iterations of the key derivation function can be handled in half a second. The exact number of iterations to use is stored in the configuration file, as it is needed to remount the filesystem. From 712c242e307b0421fc9033b52d0f32b8cf7385df Mon Sep 17 00:00:00 2001 From: Sam Gleske Date: Fri, 25 Jul 2014 00:20:19 -0400 Subject: [PATCH 2/4] doc: encfs add file-hole pass-through doc Previously undocumented though file-hole pass-through has been available in encfs since 1.4.1. --- encfs/encfs.pod | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/encfs/encfs.pod b/encfs/encfs.pod index 3136d2e..22328d4 100644 --- a/encfs/encfs.pod +++ b/encfs/encfs.pod @@ -306,6 +306,7 @@ I mode uses the following settings: Filesystem Block Size: 1024 bytes Filename Encoding: Block encoding with IV chaining Unique initialization vector file headers + File holes passed through I mode uses the following settings: Cipher: AES @@ -316,6 +317,7 @@ I mode uses the following settings: Unique initialization vector file headers Message Authentication Code block headers External IV Chaining + File holes passed through In the expert / manual configuration mode, each of the above options is configurable. Here is a list of current options with some notes about what @@ -465,6 +467,14 @@ When this is not enabled and if B is asked to read modified or corrupted data, it will have no way to verify that the decoded data is what was originally encoded. +=item I + +Make encfs leave holes in files. If a block is read as all zeros, it will be +assumed to be a hole and will be left as 0's when read (not deciphered). This +is required if accessing encfs using the SMB protocol. + +Enabled by default. Can be disabled in expert mode. + =back =head1 Attacks From 556bc812b4d783c9fa5a79076dba82a12d79d3cf Mon Sep 17 00:00:00 2001 From: Valient Gough Date: Thu, 24 Jul 2014 23:49:06 -0700 Subject: [PATCH 3/4] Create README.md Add initial intro page. --- README.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..0865c61 --- /dev/null +++ b/README.md @@ -0,0 +1,32 @@ +# EncFS - and Encrypted Filesystem for FUSE + +## About + +EncFS provides an encrypted filesystem in user-space. It runs in userspace, using the FUSE library for +the filesystem interface. EncFS is open source software, licensed under the LGPL. + +EncFS is now over 10 years old (first release in 2003). It came about because older NFS-based encrypted +filesystems such as CFS had not kept pace with Linux development. When FUSE became available, +I wrote a CFS replacement for my own use and released the first version to Open Source in 2003. + +As with most encrypted filesystems, Encfs was meant to provide security against off-line attacks; +ie your notebook or backups fall into the wrong hands, etc. EncFS encrypts individual files, by +translating all requests for the virtual EncFS filesystem into the equivalent encrypted operations on +the raw filesystem. + +## Status + +Over the last 10 years, a number of good alternatives have grown up. Computing power has increased +to the point where it is reasonable to encrypt the entire filesystem of personal computers (and even +mobile phones!). On Linux, ecryptfs provides a nice dynamically mountable encrypted home directory, +and is well integrated in distributions I use, such as Ubuntu. + +EncFS has been dormant for a while. I've started cleaning up in order to try and provide a better +base for a version 2, but whether EncFS flowers again depends upon community interest. +In order to make it easier for anyone to contribute, I'm looking at Github as the next home +for EncFS. So if you're interested in EncFS, please dive in! + +## GitHub page + +GitHub hosting for EncFS is in progress. See also the original, and more complete, +introduction page at http://www.arg0.net/encfs From 723209aad2586794a1b330db4df71748bf0ff35f Mon Sep 17 00:00:00 2001 From: Valient Gough Date: Thu, 24 Jul 2014 23:51:56 -0700 Subject: [PATCH 4/4] Update README.md update header --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0865c61..e4ff0f0 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# EncFS - and Encrypted Filesystem for FUSE +# EncFS - an Encrypted Filesystem ## About