https://bugs.kde.org/show_bug.cgi?id=485051

            Bug ID: 485051
           Summary: Remove EncFS from the list of supported Algorithms
    Classification: Plasma
           Product: Plasma Vault
           Version: unspecified
          Platform: unspecified
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: ivan.cu...@kde.org
          Reporter: amanita+kdeb...@mailbox.org
  Target Milestone: ---

I am not sure if this is already done.

A security audit revealed several security issues in EncFS:
https://sourceforge.net/p/encfs/mailman/message/31849549/

These issues seem to not have been fixed to this day:
https://github.com/vgough/encfs/issues/604

The last commit on the project was 4 years ago, it seems unmaintained and is
not secure to use.

I would like to discuss the removal from Plasma Vault, as trusting it is
dangerous after the known vulnerabilities for years.

Starting with removal from the "list of supported algorithms".

Then Vault should display a message "EncFS has known vulnerabilities, export
your data and use a different encryption algorithm" on every decrypt using
EncFS.

Then after some time it could be removed from Plasma Vault.

What do you think? Cheers!

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to