EncFS + Cryptkeeper

Iniciado por Gambinoh, 17 Abril 2011, 19:34 PM

0 Miembros y 1 Visitante están viendo este tema.

Gambinoh

Hola, acabo de descubir la utilidad EncFS y su gestor gráfico Cryptkeeper... Me ha parecido tan cómoda esta aplicación que la he añadido a /home/user/, sin embargo ahora me surgen algunas dudas tras leer la descripción de Wikipedia.

CitarEncFS is a Free (GPL) FUSE-based cryptographic filesystem that transparently encrypts files, using an arbitrary directory as storage for the encrypted files.

Two directories are involved in mounting an EncFS filesystem: the source directory, and the mountpoint. Each file in the mountpoint has a specific file in the source directory that corresponds to it. The file in the mountpoint provides the unencrypted view of the one in the source directory. Filenames are encrypted in the source directory.

A ver si lo entiendo... hay un directorio que tiene todos los archivos cifrados, pero cuando yo accedo a ellos y los visualizo, lo hago en otro directorio que me proporciona la visualización "descifrada". Luego la localización del archivo cifrado es ¿aleatoria? con eso de "arbitrary" no se a que se refieren.


Luego aparece una sección llamada desventajas:

CitarThere are some drawbacks to using EncFS.

EncFS volumes cannot be formatted with an arbitrary filesystem. They share the same features and restrictions as the filesystem containing the source directory.

Fragmentation of the encrypted volume causes fragmentation of the filesystem containing the source directory.

Anyone having access to the source directory is able to see how many files are in the encrypted filesystem, what permissions they have, their approximate size, and the last time they were accessed or modified.

¿El tema de la fragmentación me puede afectar con el sistema de archivos Ext3? Aclaro, la carpeta cifrada con EncFS tiene un tamaño variable, ocupa todo el espacio "en blanco" no escrito o al menos eso parece. Es la opción por defecto, es decir, no le asigné un tamaño fijo.

¿Se considera un fallo importante el que se puedan ver cuantos archivos hay en el directorio cifrado, su tamaño aproximado y la última fecha de modificación? No parecen a priori datos tan relevantes.

Ahora vienen las ventajas, que en mi opinión son muchas más:

CitarEncFS offers several advantages over other disk encryption software simply because each file is stored individually as an encrypted file somewhere else in the host's directory tree.

EncFS "volumes" do not occupy a fixed size — they grow and shrink as more files are added to or removed from the mountpoint.

It is possible for some directories on the mountpoint to exist on different physical devices, if a filesystem is mounted over one of the subdirectories in the source directory.

Backup utilities can back up only the files that have changed in the source directory.

Corruption of data is more isolated. Data corruption of filedata is local to a single file and data corruption of the filesystem can be corrected with a reliable filesystem repair utility like fsck. In some whole-disk encryption systems, one or both of these attributes are not present.

Since file modifications shine through to the underlying file system, various optimizations by the operating system are still possible unlike with full disk encryption. For example, passing information about released space (TRIM) can improve performance of SSD drives.

APOKLIPTICO ¿podrías dar tu opinión y comentar si has leído algo al respecto de este sistema? Me preocupa no saber qué versión de AES usa exactamente, ya que no hay demasiada documentación en castellano...

CitarEncFS uses whatever ciphers it is able to locate in various encryption libraries on the system. Blowfish and AES are typically available.