Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • T tails
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 931
    • Issues 931
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 18
    • Merge requests 18
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • tails
  • tails
  • Issues
  • #5864

Closed
Open
Created Jul 18, 2013 by import-from-Redmine@import-from-Redmine

remove cryptkeeper

Originally created by Tails on #5864 (Redmine)

Wikipedia lists the following disadvantages (by design) of EncFS (used by CryptKeeper, which we are shipping):

  • EncFS volumes cannot be formatted with an arbitrary filesystem. They share the same features and restrictions as the filesystem containing the source directory.
  • Fragmentation of the encrypted volume causes fragmentation of the filesystem containing the source directory.
  • Anyone having access to the source directory is able to see how many files are in the encrypted filesystem, what permissions they have, their approximate size, and the last time they were accessed or modified.

The last point is especially worrying from a security POV (no leaks are good) and show why encrypted filesystems like EncFS are inferior to full disk encryption solutions like LUKS. Since persistence is implemented, and is using LUKS, we should consider removing CryptKeeper to stop encouraging its use.

done in Tails 0.12.

Related issues

  • Related to #6622 (closed)
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking