Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • T tails
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 971
    • Issues 971
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 27
    • Merge requests 27
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • tails
  • tails
  • Issues
  • #5864
Closed
Open
Issue created Jul 18, 2013 by import-from-Redmine@import-from-Redmine

remove cryptkeeper

Originally created by Tails on #5864 (Redmine)

Wikipedia lists the following disadvantages (by design) of EncFS (used by CryptKeeper, which we are shipping):

  • EncFS volumes cannot be formatted with an arbitrary filesystem. They share the same features and restrictions as the filesystem containing the source directory.
  • Fragmentation of the encrypted volume causes fragmentation of the filesystem containing the source directory.
  • Anyone having access to the source directory is able to see how many files are in the encrypted filesystem, what permissions they have, their approximate size, and the last time they were accessed or modified.

The last point is especially worrying from a security POV (no leaks are good) and show why encrypted filesystems like EncFS are inferior to full disk encryption solutions like LUKS. Since persistence is implemented, and is using LUKS, we should consider removing CryptKeeper to stop encouraging its use.

done in Tails 0.12.

Related issues

  • Related to #6622 (closed)
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking