https://bugs.kde.org/show_bug.cgi?id=485051
Bug ID: 485051 Summary: Remove EncFS from the list of supported Algorithms Classification: Plasma Product: Plasma Vault Version: unspecified Platform: unspecified OS: Linux Status: REPORTED Severity: normal Priority: NOR Component: general Assignee: ivan.cu...@kde.org Reporter: amanita+kdeb...@mailbox.org Target Milestone: --- I am not sure if this is already done. A security audit revealed several security issues in EncFS: https://sourceforge.net/p/encfs/mailman/message/31849549/ These issues seem to not have been fixed to this day: https://github.com/vgough/encfs/issues/604 The last commit on the project was 4 years ago, it seems unmaintained and is not secure to use. I would like to discuss the removal from Plasma Vault, as trusting it is dangerous after the known vulnerabilities for years. Starting with removal from the "list of supported algorithms". Then Vault should display a message "EncFS has known vulnerabilities, export your data and use a different encryption algorithm" on every decrypt using EncFS. Then after some time it could be removed from Plasma Vault. What do you think? Cheers! -- You are receiving this mail because: You are watching all bug changes.