
Have the security issues of the EncFS been addressed?

Open myous opened this issue 4 years ago • 9 comments

EncFS was audited some time ago, and a number of security issues were found. Have these issues been addressed?

myous avatar Apr 20 '20 22:04 myous

I also would like to know this. Could you please address this in the README in both cases?

TamasBarta avatar Apr 23 '20 14:04 TamasBarta

The Arch wiki still says these are not resolved. I will skip installing encfs for now, but please provide an edit for the Arch wiki as well if the issues are actually resolved.

TamasBarta avatar Apr 23 '20 15:04 TamasBarta

Yes, I would like to know as well!

mgoldau avatar May 18 '20 06:05 mgoldau

I'm also concerned.

J053Fabi0 avatar Jun 10 '20 06:06 J053Fabi0

Any updates?

ulwanski avatar Aug 31 '20 20:08 ulwanski

Well, given no pull requests since 2018, I believe the main coder just stopped after all these years. Amazing that, as many as have used and benefited from it, no one is picking it up.

As far as the Arch wiki, that looks to be pointing to 1.74 and an audit from 2014, so quite dated. We are now on 1.95 from 2018 (2 years ago). Look at the change notes. So many other apps used this as their roadmap. Someone should fork this and continue it, or try to contact the original author and get it officially transferred.

TimFW avatar Dec 06 '20 01:12 TimFW

See https://github.com/rfjakob/gocryptfs for a possible alternative. The readme for that project says it was created in part to resolve the security issues present in this project.

rsyring avatar Oct 04 '21 01:10 rsyring

> EncFS was audited some time ago

@myous I believe the audit you are referencing was the one posted to the EncFS mailing list, in case anyone wanted the original source:

  • https://sourceforge.net/p/encfs/mailman/message/31849549/

brianddk avatar Dec 28 '21 21:12 brianddk

It would be nice to have a kind of official statement about the project status from @vgough: no release since 2018 and the last commit from @benrubson in 2020 are not really great signs :( But as it is quite a security-sensitive project, a "project is discontinued, don't use it, use XYZ instead" could be important information, as there are most probably still many users around.

In any case, thanks a lot for your work over the last years, it was (and still is) a very useful tool!

omueller avatar Jan 06 '22 13:01 omueller