[albinoloverats]

Nice to see this kind of report, even if the conclusion is rather damning.

And it seems to suggest that using it with (something like) Dropbox is a bad idea too:

> EncFS is not safe if the adversary has the opportunity to see two or more snapshots of the ciphertext at different times.

[mysteriousllama]

Boxcrypter uses EncFS. Combined with the vulnerabilities discussed in this audit, this is pretty bad.

[icebraining]

Boxcrypter uses EncFS.

Not anymore: https://forums.boxcryptor.com/topic/opening-linux-encfs-encr...

[nieve]

Is the current, non-EncFS compatible version open source for the crypto components or audited by anyone reputable? If not we don't necessarily have any reason to believe it's safer.

[tjaerv]

Indeed, a priori one would have to assume it less secure than an open-source implementation that has been reviewed by experts. "We built our own" merely amounts to security through obscurity.