tptacek:
"
Safe is a wrapper around EncFS, which (a) potentially leaks a lot of metadata and (b) is a weird combination of CBC and CFB. I'd feel better about Truecrypt.
reply
"
Followed by a bit of discussion and a link to an apparently unfavourable audit.
Here's the announcement[1] from a few days ago, linked from Safe's Twitter feed[2]:
Wanted to announce the release of my native Windows/MacOSX port of EncFS. It's called Safe, it's free and you can get it here: http://www.getsafe.org/
Safe forms an ecosystem with similar tools like TrueCrypt. It's not for hardcore cryptographic applications, you can't choose specific ciphers and it makes no effort to ensure plausible deniability.
Safe's main goal is to make file system encryption easy to use and accessible to more people. It's for every day encryption i.e. a simple way to ensure reasonably private stuff is actually stored privately. Peace of mind if your laptop or external hard gets stolen, or someone hacks into your backup service. As a tool, it empowers more people to make their own cryptography decisions instead of having to rely on and trust proprietary solutions.
Safe isn't without limitations. Think of it like the physical safe you keep in your home: burglars will have a hard time cracking it but given enough resources it's not strictly impenetrable. If you need a steel alloy vault, TrueCrypt might be closer to what you're looking for but it's not without its own set of limitations as well.
Personally I store all my tax, legal, and medical documents in Safe. That's just me, Safe is GPL and comes with no warranty :)
I don't get it, and the GetSafe page doesn't explain this: Why would I use this instead of TrueCrypt? Oddly the page takes the time to explain how it doesn't use FUSE but uses WebDAV, yet doesn't tell me why I'd want something that leaks metadata, requires disabling hibernation, and provides less security, but still requires a password.
Also just thinking out loud, but if the files are accessed over an HTTP port on localhost, then there's the risk a client may cache files to an unencrypted place. Using full disk encryption eliminates all these kinds of risks and isn't any harder (it's just a password, like safe).
1. You can use your existing EncFS encrypted data on Mac/Windows.
2. 1:1 File encryption is much faster on network storage you don't control, like NFS, SMB, Drobo, Space Monkey, Dropbox, Google Drive. Most of their drivers/protocols are file-based. TrueCrypt is block-based, i.e. all data is stored as a single potentially giant file. This affects the performance of algorithms focused on caching and deduplication.
3. I designed Safe to be much easier than TrueCrypt to use. Try making a new encrypted disk with TrueCrypt, then do the same process with Safe and you'll see what I mean. TrueCrypt is very intimidating to set up for people who don't intimately understand how cryptography works. Safe just chooses the most secure defaults.
As for your second concern about caching. I can guarantee that no data is cached to the local disk unencrypted when using Safe. Don't just take my word for it, verify yourself. See http://www.getsafe.org/about#system_changes_more_info
Safe is not a competitor to TrueCrypt. They are different tools for different situations. I use both depending on the nature of the data I'm keeping private. Safe is another tool in this ecosystem and the main goal is to help more people take control of how their data is stored and transmitted and hopefully bootstrap mainstream digital privacy awareness.
I don't need or want this. I want my desktop to hibernate and I don't need the swap file encryption. My use case is JUST encrypting files as they sit on a cloud storage provider. If I wanted that type of protection I'd already be using full disk encryption on my desktop.
Are the system changes optional or do they have to be enabled to use Safe?
Thanks for the useful response. I'd suggest putting these benefits in the Safe page instead of just deferring to a much more complicated page on EncFS as to the "pros and cons".
As far as WebDAV, are the URLs never exposed in any way? A user might paste it into a third party program which doesn't use the Windows client. MS might also make changes if this isn't a documented or supported view. I'm not saying it's definitely a flaw, it just seems a bit scary.
Out of curiosity, how are large files handled? Like if I move an HD movie file into my encrypted store then watch it - does my commit suddenly shoot up?
Botan has a single contributor who says "[Botan] has never undergone an impartial third-party security review, and thus it is entirely possible/probable that a number of exploitable flaws remain in the source."
I don't know of any other project that depends on it.
It all depends on what you need. EncFS appears to be enough for what I need it for, encrypting files that I want to be a little more private than not at all on cloud storage. I personally wouldn't put sensitive information through it, but then again, I wouldn't put my sensitive information on a cloud provider either.
On top of that, what other per-file cross platform encryption options are there?
Unfortunately, any tiny edit within your TrueCrypt will cause Dropbox to re-read and re-hash the entire volume, and that can take a long time and drain a lot of battery. Safe fits more naturally with Dropbox.
Not sure why Safe forcibly disables hibernation on Mac's with FileVault2: it encrypts the hibernated (is that a word) version of memory stored to disk.
You should be able to use it with any mobile encryption app which is compatible to EncFS, e.g. Boxcryptor Classic on Android and iOS (more info: https://www.boxcryptor.com/en/classic)
tptacek: " Safe is a wrapper around EncFS, which (a) potentially leaks a lot of metadata and (b) is a weird combination of CBC and CFB. I'd feel better about Truecrypt. reply "
Followed by a bit of discussion and a link to an apparently unfavourable audit.