On Fri, 11 Jan 2019 21:45:57 +0000 Jonathan Dowland <j...@debian.org> wrote:
> On Wed, Jan 09, 2019 at 10:18:47PM -0500, Celejar wrote: > >The standard encryption technology for linux is LUKS. It works on the > >block device level, not the file level. > > LUKS would be no good if the user wants to move/copy/share the encrypted > files, encrypted, elsewhere: they didn't say so explicitly but that's > the impression I got reading their message. You're probably right; I realized after I wrote my reply (and read some of the other replies) that my solutions likely weren't really what the OP was looking for. > >I believe that the most commonly used software for file level > >encryption is EncFS. I haven't really used it much, and can't speak to > >its long term stablity. > > EncFS should not be used for any new file encryption project, IMHO. > There was the following report in 2014: > https://defuse.ca/audits/encfs.htm > This is referenced in the NEWS file in the EncFS package > https://salsa.debian.org/debian/encfs/blob/debian/sid/debian/NEWS > > Both the report and the NEWS file are 5 years sold so I am not sure of > its current status but I'd want to seek positive assurance. Huh - good to know. But I was wondering, along similar (but less informed) lines, how good some of the other suggestions were, e.g. ccrypt. I know very little about ccrypt, but has it even been audited at all? Is it sufficiently widely used that any vulnerablities or misimplementations of the sort discovered by the EncFS audit would have been looked for or turned up? Celejar
