tptacek: "Safe is a wrapper around EncFS, which (a) potentially leaks a lot of metadata and (b) is a weird combination of CBC and CFB. I'd feel better about Truecrypt."
Followed by a bit of discussion and a link to an apparently unfavourable audit.
Here's the announcement[1] from a few days ago, linked from Safe's Twitter feed[2]:
Wanted to announce the release of my native Windows/MacOSX port of EncFS. It's called Safe, it's free and you can get it here: http://www.getsafe.org/
Safe forms an ecosystem with similar tools like TrueCrypt. It's not for hardcore cryptographic applications, you can't choose specific ciphers and it makes no effort to ensure plausible deniability.
Safe's main goal is to make file system encryption easy to use and accessible to more people. It's for everyday encryption, i.e. a simple way to ensure reasonably private stuff is actually stored privately. Peace of mind if your laptop or external hard gets stolen, or someone hacks into your backup service. As a tool, it empowers more people to make their own cryptography decisions instead of having to rely on and trust proprietary solutions.
Safe isn't without limitations. Think of it like the physical safe you keep in your home: burglars will have a hard time cracking it but given enough resources it's not strictly impenetrable. If you need a steel alloy vault, TrueCrypt might be closer to what you're looking for but it's not without its own set of limitations as well.
Personally I store all my tax, legal, and medical documents in Safe. That's just me, Safe is GPL and comes with no warranty :)
I don't get it, and the GetSafe page doesn't explain this: Why would I use this instead of TrueCrypt? Oddly the page takes the time to explain how it doesn't use FUSE but uses WebDAV, yet doesn't tell me why I'd want something that leaks metadata, requires disabling hibernation, and provides less security, but still requires a password.
Also just thinking out loud, but if the files are accessed over an HTTP port on localhost, then there's the risk a client may cache files to an unencrypted place. Using full disk encryption eliminates all these kinds of risks and isn't any harder (it's just a password, like Safe).
Botan has a single contributor who says "[Botan] has never undergone an impartial third-party security review, and thus it is entirely possible/probable that a number of exploitable flaws remain in the source."
I don't know of any other project that depends on it.
It all depends on what you need. EncFS appears to be enough for what I need it for, encrypting files that I want to be a little more private than not at all on cloud storage. I personally wouldn't put sensitive information through it, but then again, I wouldn't put my sensitive information on a cloud provider either.
On top of that, what other per-file cross platform encryption options are there?
Not sure why Safe forcibly disables hibernation on Macs with FileVault2: it encrypts the hibernated (is that a word?) version of memory stored to disk.
You should be able to use it with any mobile encryption app which is compatible with EncFS, e.g. Boxcryptor Classic on Android and iOS (more info: https://www.boxcryptor.com/en/classic).
MichaelGG|12 years ago
miles|12 years ago
[1] http://pastebin.com/xxQhEv0q
[2] https://twitter.com/safe_app/statuses/457281727761620992
MichaelGG|12 years ago
sweis|12 years ago
FiloSottile|12 years ago
It highlights in my opinion an old and not rigorous implementation and design.
I'd not feel safe using it even if the developers of Safe did a great job choosing defaults.
mhurron|12 years ago
suthakamal|12 years ago
kakashi19|12 years ago
robfreudenreich|12 years ago