-
Notifications
You must be signed in to change notification settings - Fork 208
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Transition of encryption feature: Remove EncFS (and replace it if possible) until year 2029/30 #1734
Comments
Thanks for the heads up and extensive wrap-up of the current situation, @buhtz. I also want to express my deepest gratitude towards the original maintainer @Germar as well as the new maintainer in their efforts to provide the Linux community an accessible and secure backup tool over these years. BIT has provided users like me an invaluable benefit in protecting my personal data stash over the past years (or even decade?). I just want to add a user voice and feedback, that some of the envisioned alternatives (i.e., LUKS) are not an suitable option for an adequate replacement, at least for my user persona. Prior to choosing BIT as backup solution, I did an extensive research on available backup solutions, and at that time BIT appeared to be the only solution fitting my bill. Before jumping into the details, a few initial thoughts: IMHO, A solid and good (consumer) backup should be
The case for BIT and EncFSIn my setup (Homeserver: ZFS ZRAID on LUKS, 3+ TB volume, Backup-Target: Remote NAS via 10Mbit WWAN, SSH, rsync & encfs) BIT and EncFS wonderfully checks that bill and comes with a few extra benefits:
My key pointSo the key properties of my user persona point are:
I do not know about GoCrypt. But I'm pretty sure, that a LUKS-based approach would no longer fit my bill. Simply said: To ensure my data sovereignty, the encryption must happen at backup source site. This would require to remotely mount the block device loosing all the target-sided benefits of rsync. This approach might be feasible with a high-speed, low-latency connected, trustworthy backup device in a local network. But In an "spatially separated" setting without T1 connection, the latency and bandwith would render large volume backups nearly impossible. A target-side LUKS-approach on the other hand would compromise the user sovereignty, as he now needs to trust the target. My PoVIn case GoCrypt is not a viable conceptually drop-in replace for the current EncFS architecture, I'd rather recommend users with an untrusted backup target like me to switch to a archive-based backup solution offering encryption as first-class citizen like https://www.borgbackup.org/ (Vorta), https://restic.net/, https://duplicati.com/ or maybe https://duplicity.us/ (DejaDup). I think this is the better and more appropriate approach in contrast to an target-side encryption approach like LUKS as alternative. Nevertheless, I still appreciate that the BIT-team takes the initiative and lead in this matter, even if this means as an outcome to eventually switch my backup approach, as the current EncFS situation has been already not on par for a long time. Sticking to the status quo is not a good approach when it comes to security. Again: I appreciate your efforts and thank you for keeping us posted! |
Hello Benjamin, My take home message is that a file system encryption (like LUKS) won't solve everyone's problem and is not a 100% replacement for EncFS. One goal of this issue also is to attract contributors. Having someone replacing EncFS would be great. But currently we do not have one. To my knowledge GoCrypt should be a nearly perfect replacement for EncFS. The EncFS maintainer himself do recommend GoCrypt as a replacement. Kind |
Add three different deprecation warnings related to EncFS removal (#1734) and add a whitepaper to explain the situation. - Manage profiles dialog: A simple warning as QLabel for "SSH encrypted" and "Local encrypted" profiles. - Manage profiles dialog: A message dialog pops up when switching the modes combo box to one of the two encrypted modes. - Start BIT GUI: A message dialog pops up, just one time, on start up of the Back In Time GUI if an encrypted snapshot profile exists. That message dialog can be re-opened via the _Help_ menu. - Add a markdown document "whitepaper" to explain the situation. All three messages do link to that document. - Modified "backintime.1" and its section "NOTES ON SECURITY" man page. - Several minor adjustments to man pages and icons. Close #1735 Related to #1734
For EncFS profiles the snapshotpath field in Manage profile dialog was empty. Beside of that the profile specific encfs-deprecation-warning dialog now is shown not only in Manage profiles dialog but also in MainWindow when an EncFS profile is selected. But it is shown only once. Fix #1808 Related to #1806 Related to #1734
GoCryptFS does look like a near drop-in replacement for EncFS. If GoCryptFS support is added, would you want to include an automatic migration feature from EncFS? I imagine that just swapping them out is quite achievable. |
I don't think an automatic migration functionality is feasible. The potential for failure would be very high, so it's better to leave this up to the users, who will be forced to set up new backups, or copy the existing snapshots manually. It's painful, but it's much more realistic. |
Technically even a migration would equal a complete rewrite of a full backup set. As encryption occurs on client side, I'd not see any win in terms of speed, data transfer volume etc. In comparison just asking users to create a fresh, GoCryptFS backup set (and deprecate, but keep the EncFS approach for a transition phase) appears to be most reasonable and straightforward to me. |
Yep, that is the plan. And even after EncFS is removed from BIT users are able to use an older BIT version to rescue their backup or using EncFS themself to "open" the encfs folders without using BIT. |
Thanks. I was looking at the code, and simply swapping GoCryptFS in place of EncFS looks quite doable. Do I understand correctly that your plan is slightly more complicated: to support both EncFS and GoCryptFS for a transition period?
…On 9 August 2024 12:19:50 am AEST, buhtz ***@***.***> wrote:
> In comparison just asking users to create a fresh, GoCryptFS backup set (and deprecate, but keep the EncFS approach for a transition phase) appears to be most reasonable and straightforward to me.
Yep, that is the plan. And even after EncFS is removed from BIT users are able to use an older BIT version to rescue their backup or using EncFS themself to "open" the encfs folders without using BIT.
--
Reply to this email directly or view it on GitHub:
#1734 (comment)
You are receiving this because you commented.
Message ID: ***@***.***>
|
Yes. |
I think it's a very good idea to just try this out, even if the final implementation might look a little different. If you feel up to the task, why not take a fork/branch, and implement a 1-to-1 replacement of encfs with GoCryptFS? Just to see how it goes – it will probably teach you/us some useful things to know for the future :) |
Thanks, I'll give it a shot if I get some time.
|
I fully support all this and glad you try to jump in here. |
Hello User & Contributors
Your Back In Time (BIT) likely gave you a hint that the encryption function will soon change. As maintainers, we're keen on your opinion and perspective on this matter. Please direct questions and ideas preferably to the project's mailing list or one of the subordinated issues (see below), as this issue serves more for organization than substantive discussion.
Summary
The transition is about removing EncFS and provide one of two alternatives.
In the current state of discussion it is preferred not to replace EncFS with an alternative library but to use encryption on file system level (e.g. LUKS) and improve BIT in a way to easier handle file systems like this.The current state of discussion is that using LUKS or another file system encryption managed by the operating system itself (outside of BIT) is not a solution for all BIT users but for some (see Issue comment). So we better should replace EncFS if we do find contributors. If we don't we need to accept cutting of a feature and some users with removing EncFS without replacement.
The transition is a process not fixed in all details and planed to take until the year 2029 or 2030. It was born from the idea to remove EncFS or replace it because EncFS has known security issues and the upstream project is not active anymore. It is also the case that there is currently no Back In Time contributor replacing EncFS. To keep BIT secure and maintenable there is no alternative to deprecat EncFS in BIT and finally remove it.
Current state
The final goal
It is not finally decided how the situation will be at the end in some years. The state of the current discussion is to remove encryption from Back Im Time because it can be handled by the file system itself. However, the removal should be accompanied by improved documentation on how to use Back In Time with an encrypted filesystem. Additionally, it will be considered whether BIT should be enhanced with functionality that makes it easier for users to handle and mount encrypted filesystems (e.g., on external storage).
Issues to taken care of
Roadmap until year 2029 or 2030
Slow and transparent steps in a timeline of multiple years until round about the year 2029 or 2030 when Debian 15 will be released. Current stable Debian is version 12. It is build around the release cycles of Debian GNU Linux because Debian has very long release cycles and is the base for most of the distributions out there.
Additional details
The text was updated successfully, but these errors were encountered: