by mrpdaemon 4481 days ago
Leaking the file size (Issue 2.2) is due to the way EncFS is architected to work at a file granularity. Adding some random bytes or rounding up to the next block size are small improvements but still leak approximate file size. I don't think anyone would like their 5KB file to occupy 2GB on disk so EncFS sacrifices some level of privacy for practicality. On the flip side this design tradeoff allows EncFS to be used somewhat effectively on top of cloud storage services like Dropbox/GoogleDrive etc. whereas full disk encryption schemes don't work as well.
1 comments

Issue 2.2 has nothing to do with leaking the file size. It has to do with the encryption algorithm used.

Most modern encryption schemes operate on blocks of a certain fixed size, but if the file isn't a multiple of the block size, you have to do something special with the last block. EncFS apparently uses some made-up scheme for this, instead of using something more standard and well-understood. The common choices would be padding and ciphertext stealing.

http://en.wikipedia.org/wiki/Ciphertext_stealing
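
The two standard choices named in the reply above, shown side by side as an added example; it is not EncFS code and not from either commenter. CBC with PKCS#7 padding rounds the ciphertext up to the next block, while CBC with ciphertext stealing keeps the exact plaintext length. Assumptions: the block cipher is a stand-in Feistel construction built on HMAC-SHA256 (not AES, not secure), and all function names are hypothetical.

```python
import hashlib, hmac

BS = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the stand-in Feistel cipher (illustration only, not secure).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def enc_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def _cbc(key, iv, pt):
    blocks, prev = [], iv
    for i in range(0, len(pt), BS):
        prev = enc_block(key, _xor(pt[i:i + BS], prev))
        blocks.append(prev)
    return blocks

def encrypt_padded(key, iv, pt):
    n = BS - len(pt) % BS  # PKCS#7 always appends 1..16 bytes
    return b"".join(_cbc(key, iv, pt + bytes([n]) * n))

def encrypt_cts(key, iv, pt):
    if len(pt) <= BS:
        raise ValueError("ciphertext stealing needs more than one block")
    m = len(pt) % BS or BS  # bytes in the final plaintext block
    blocks = _cbc(key, iv, pt + bytes(BS - m))
    # Swap the last two blocks and cut the second-to-last down to m bytes.
    return b"".join(blocks[:-2]) + blocks[-1] + blocks[-2][:m]

def decrypt_cts(key, iv, ct):
    m = len(ct) % BS or BS
    head, c_full, c_part = ct[:-(BS + m)], ct[-(BS + m):-m], ct[-m:]
    x = _xor(dec_block(key, c_full), c_part + bytes(BS - m))
    body, out, prev = head + c_part + x[m:], b"", iv  # x[m:] is the stolen tail
    for i in range(0, len(body), BS):
        out += _xor(dec_block(key, body[i:i + BS]), prev)
        prev = body[i:i + BS]
    return out + x[:m]
```

Either way the ciphertext length still tracks the plaintext length to within one block, so neither choice hides file size.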