29 May 2014, 1:11 a.m.
On Wed, May 28, 2014 at 07:45:06PM -0400, Griffin Boyce wrote:
> Even being embarrassed by whatever bugs the second phase audit uncovered wouldn't explain the sudden recommendation. And why not ecryptfs or ~literally anything else~ ?
ecryptfs is a complete joke. It intentionally does not encrypt *ANY* metadata except the filename, leaking modification times, filesizes (rounded to the block), write patterns, file ownership, permissions, etc.

Because its design is such a joke, it hasn't gotten any serious crypto review, so I'd be surprised if it doesn't have critical implementation bugs in the parts that aren't broken by design.

Please don't use ecryptfs. It's not even better than nothing.

-andy