Women in Technology

Hear us Roar



Article:
  Userspace Filesystem Encryption with EncFS
Subject:   not so easy
Date:   2005-04-17 06:57:23
From:   vgough
Response to: Comparison to loop-aes?

Encfs will use either Blowfish or AES from the OpenSSL library, with key lengths from 128bit to 256bits.


The kind of attack you are talking about (failes having known headers) is a type of "known-plaintext" attack. However you drastically overestimate the efficiency of such an attack. Even if your drive was so bit that it contained every byte of data in the world, and the attacker had both the plaintext and encrypted versions, there is still no published way to get the AES key given that data. So having some images and spreadsheets around isn't going to be enough by a long shot.


You might be thinking of a known-plaintext attack against the kernel loopback system not so long ago, which I believe was really a dictionary attack. Because of the way the loopback driver had encrypted the data, it was possible pre-compute the encrypted data that would result for particular passwords. So an attacker could create a big dictionary of pre-computed encrypted data and simply test against some known bytes on the drive to see if one of those passwords was in use. Encfs does not allow this, as two different encfs filesystems will always have different encrypted data - even if the same data is stored in each, and the same password was used when the filesystem was created.


By far the most cost effective attack would be to bug your computer or keyboard. That attack would cost less then tring to break AES, and work equally well with loop-aes or encfs.

Main Topics Oldest First

Showing messages 1 through 1 of 1.

  • not so easy
    2005-06-12 06:54:24  hyperborean [View]

    I'm a bit confused about AES.

    If a byte like an "a" or "4" occurs in the same location in the state, would not it be encrypted in the same form?

    For example, if an "a" occurs in the top left hand corner of the 4 X 4 byte state, it seems to me that it would be enciphered the same everytime it happened to repeat in the same location.

    Therefore, if you have plenty of known headers or other plaintext you might be able to compile an inventory of at least all alphanumeric characters in each location of the state.

    Then it would be simply a matter of counting the bytes.

    I am not saying it would reveal the key, but could you crack the rest of the message this way.

    Am I missing something here?