Yegor Timoshenko authored
Reasons:

- Not full-disk encryption. Leaks metadata: file sizes, file name lengths.
- Poor audit results: no authentication (i.e. attacker can write encrypted data but not read), inconsistent use of IVs, use of insecure hash algorithms like MD5.
- Current labeling system highlights eCryptfs with green "audited" sign, misleading our readers into thinking it's the best choice in the category, while the opposite is true.
- If user wants to have an encrypted data overlay, e.g. to sync with untrusted cloud service (Dropbox, Google Drive, rsync.org) they can use Cryptomator.

> eCryptfs appears to have a better crypto design than EncFS, but
> there are some red flags indicating that it was not designed by
> a cryptographer, and has not received enough security review. It
> should be safe to use, but more auditing would be a good idea.