-
Notifications
You must be signed in to change notification settings - Fork 283
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add cloud-safe configuration option #141
Comments
So the encrypted folder is synchronised via owncloud to two computers?
|
The folder is synchronized via owncloud to different computers - to 2 computers of user1 and 1 computer of user2. |
I have a similar problem with dropbox. Not two different users, but two machines that share a encfs encrypted folder. If I change the name of a directory sometimes all the files in there get corrupted. I see these messages: |
Are they corrupted on both ends?
If not, can you check the md5sum of the encrypted files on both sides?
|
no, they are only corrupt on one end |
When you run "ls -li" on those files, you get the inode number in the first
column, lets say it is 12345.
Then, using "find . -inum 12345" in the encrypted directory, you get the
encrypted file. Please run md5sum on it on both sides.
If it is different, there is a bug in owncloud's sync algorithm that was
caught by encfs.
|
The have different md5 hashes. In my case it's not owncloud but dropbox. |
Ok, a bug in Dropbox seems less likely. Can you post the encrypted version of |
So I xxd'ed them, only the first eight bytes differ. Some IV problem? |
|
Ok, I think I understand what is going on. You must be running paranoia mode (or you have enabled "filename to IV header chaining" manually). I'll quote the help text first:
So with that enabled, a rename modifies the file header. But a rename should not change the timestamp on the file, so encfs sets it back to the original value. And I guess this is why Dropbox and OwnCloud to not pick up the change. I bet if you run |
yes, that worked perfectly. So is the solution to this not to use "filename to IV header chaining" when using dropbox etc? Or maybe add another option to set a new timestamp once a file is renamed? |
Avoiding
|
Thanks for tracking this down. I've changed the title of this issue - a safe setting for cloud seems like a great idea @rprieto. |
The "cloud-friendly" options sounds like a great idea. A lot of people use encfs for securing their files before they get sent online, and that would be very helpful and could enable other optimizations later on |
Sorry to resurrect this issue but for those of us less capable of understanding what's going on here: What if anything can be done if I've run into this for a few files that I want to recover? Both synced copies in this case seem to be "bad" in the same way - i.e. the file with the wrong IV header propagated. Likely what happened is that I did a full re-sync some time ago and never noticed the issue with these files as one can remain completely oblivious until they go to access the files in question Is this equivalent to data loss? |
Hmm. If you remember from what to what these files were renamed, it may be possible to recover. |
To confirm: I was able to recover a few by remembering the original names, and using The rest I couldn't and had to restore them from backups. I immediately migrated away from
However this is what my repo's info looks like according to
Is it specifically |
Standard mode:
Paranoia mode:
So "External IV chaining" is called File data IV is chained to filename IV in this listing. And you don't seem to have enabled, which is weird. Because then you should have neither experienced the problems, nor should the recovery by renaming to the old file have done anything. |
@rfjakob, |
Sorry for the confusion, but my Let's take a step back for a moment and I want to reiterate what I was really getting after earlier. So, it seems that in this ticket there seems to be some confusion, and for my own sake I want to be completely clear that it is ok to have |
Correct ! |
We have an encrypted folder on an OwnCloud server which is shared by 2 users. If user1 moves a file from a subfolder to another, user2 gets an I/O error when accessing this file. User1 has no problem with this file. If user1 copies this file, there is no error.Without encfs there was no problem when moving files.
Regards, Jan
The text was updated successfully, but these errors were encountered: