encfs icon indicating copy to clipboard operation
encfs copied to clipboard

Published 20 hours ago verified publisher icon vgough

Encrypted "--reverse" filenames are always different

Open borisbrodski opened this issue 2 years ago • 2 comments

I'm using encfs to create encrypted backup using following mount cmd:

encfs --extpass='/bin/bash -c "cat /root/.private/encfs-password"' --reverse /media/HDD /media/HDD-encfs --public

It works fine (besides too long filenames) for the initial backup. But incremental backups are impossible due to the fact, that each time I restart my machine and execute encfs ... -reverse ... using the same password and the same .encfs6.xml again, I get different filenames and most probably also different encrypted content.

Reading man page and googling I found no way to somehow fix random "salt" or "seed" in place, to make encfs always encrypt data in the same way.

Reproduction:

$ encfs --reverse /media/HDD /media/HDD-encfs --public
$ ls -1 /media/HDD-encfs
,Q053BzFjMwl,rTuaTKKOf1h9maHjbce,V6OCQivamZTd1
.
..
6us3Gp7-0dDyG8iimpY8LgnN
AFIrvoPetkjN6-6-pYkC,9t4
Xs3w-rSwjDq79h2j3XQNz6gZ
$ encfs -u /media/HDD-encfs
Filesystem unmounting: /media/HDD-encfs
$ encfs --reverse /media/HDD /media/HDD-encfs --public
$ ls -1 /media/HDD-encfs
,Wutuamh41
.
..
MYkuiSJV9phMLWAzB0dvtTo1
YfumyAM6y,
y7ViwnRaMZiDud57

Example .encfs6.xml to repoduce the problem:

?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE boost_serialization>
<boost_serialization signature="serialization::archive" version="7">
    <cfg class_id="0" tracking_level="0" version="20">
        <version>20100713</version>
        <creator>EncFS 1.9.5</creator>
        <cipherAlg class_id="1" tracking_level="0" version="0">
            <name>ssl/aes</name>
            <major>3</major>
            <minor>0</minor>
        </cipherAlg>
        <nameAlg>
            <name>nameio/stream</name>
            <major>2</major>
            <minor>1</minor>
        </nameAlg>
        <keySize>192</keySize>
        <blockSize>1024</blockSize>
        <plainData>0</plainData>
        <uniqueIV>0</uniqueIV>
        <chainedNameIV>0</chainedNameIV>
        <externalIVChaining>0</externalIVChaining>
        <blockMACBytes>0</blockMACBytes>
        <blockMACRandBytes>0</blockMACRandBytes>
        <allowHoles>1</allowHoles>
        <encodedKeySize>44</encodedKeySize>
        <encodedKeyData>XXXXX</encodedKeyData>
        <saltLen>20</saltLen>
        <saltData>XXXXX</saltData>
        <kdfIterations>159434</kdfIterations>
        <desiredKDFDuration>500</desiredKDFDuration>
    </cfg>
</boost_serialization>

borisbrodski avatar Sep 01 '22 10:09 borisbrodski

Can you try to set 'saltLen' to 0?

Pinkbyte avatar Jan 20 '23 10:01 Pinkbyte

Unfortunately I can't reproduce this problem any more. It definitely occurred and skewed up my entire backup. I could reproduce it then again multiple times while posting this issue.

But later on without doing any upgrade or other change of any component on my system the problem disappears.

borisbrodski avatar Jan 20 '23 10:01 borisbrodski