by eric1293 2202 days ago
I find it difficult to set up a good system for encrypted storage.

1. Cryptomator: it's immature and buggy, especially the 1.5 version. See comments in forum.cryptomator. The files and folders disappear, vaults crash, vaults fail to mount, etc.

Boxcryptor is the paid version and not buggy. But it's not open source.

2. EncFS. Has security issues that haven't been resolved.

3. CryFS. Too slow and immature.

4. Encrypted backup, like rclone or duplicity. These are not sync tools.

5. eCryptfs: Used for Ubuntu home encryption (even then somewhat outdated), not for cloud.

6. AWS KMS: server side encryption; Amazon has the keys.

7. Gocryptfs: It's OK. Reasonably fast. Cons: command line only, and for Linux. Uses OpenSSL library which isn't all that secure.

It seems to me gocryptfs is the best among these.

2 comments

I would also add: 8. Securefs [1]

Gocryptfs has a comparison of these projects, here [2].

Focusing on Windows only, in my experience, securefs is the one that works the best, as it is not using dokany but winfsp (FUSE for Windows). With all other solutions using dokany, the copy or sync of a large number of files is damn slow or hangs.

[1] https://github.com/netheril96/securefs

[2] https://nuetzlich.net/gocryptfs/comparison/

What’s wrong with LUKS / tomb?

It's one big container. A small change means the whole file has to be uploaded again. If you are lucky, for Dropbox only the blocks are synced.

Also it lacks authentication. The snapshots of the XTS mode are prone to certain attacks.

Regarding your first paragraph, that’s always going to be a tradeoff that has to be assessed based on threat model and resource budget, since doing it differently will inherently leak sidechannel information, right?

The second one, TIL and good points!