You are not logged in.

#1 2010-01-19 01:40:41

OrangeRoot1000
Member
From: TN -- USA
Registered: 2008-08-07
Posts: 106
Website

Encfs/Fuse problems **SOLVED!!!!!** ALWAYS MAKE BACKUPS!!!

I have been using this combo for about 2 years and this is the first time I have ever had a problem with my encryption for data. Now before you say my passwords are wrong. They're NOT. Okay, I looked up on Searchalot and pulled up about 1/2 dozen debian bugs from 6-8 months ago with this exact same issue. This is just a reinstall so everything should be all in order with the same revision numbers and no changes. I can't get any of my data on my laptop OR its a strong possiblity ALL my backups! Not a happy day. Thats at least 500GB of data.


# encfs -v /home/orangeroot1000/.Ornate /home/orangeroot1000/.Ornateness
13:12:47 (main.cpp:515) Root directory: /home/orangeroot1000/.Ornate/
13:12:47 (main.cpp:516) Fuse arguments: (daemon) (threaded) (keyCheck) encfs /home/orangeroot1000/.Ornateness -s -o use_ino -o default_permissions
13:12:47 (Interface.cpp:165) checking if ssl/aes(2:2:1) implements ssl/aes(2:1:0)
13:12:47 (SSL_Cipher.cpp:368) allocated cipher ssl/aes, keySize 24, ivlength 16
13:12:47 (Interface.cpp:165) checking if ssl/aes(2:2:1) implements ssl/aes(2:1:0)
13:12:47 (SSL_Cipher.cpp:368) allocated cipher ssl/aes, keySize 24, ivlength 16
13:12:47 (FileUtils.cpp:1587) useStdin: 0
13:13:08 (Interface.cpp:165) checking if ssl/aes(2:2:1) implements ssl/aes(2:1:0)
13:13:08 (SSL_Cipher.cpp:368) allocated cipher ssl/aes, keySize 24, ivlength 16
13:13:08 (FileUtils.cpp:1595) cipher key size = 44
13:13:08 (SSL_Cipher.cpp:615) checksum mismatch: expected 1341719992, got 839299466
13:13:08 (SSL_Cipher.cpp:616) on decode of 40 bytes
13:13:08 (openssl.cpp:48) Allocating 39 locks for OpenSSL
Error decoding volume key, password incorrect


A couple of suggestions were to go back to the same version of Boost. I'm at the same version. It seems from the Debian mailing list that there is an SSL/AES foobar, and it mentioned about going to Blowfish but the letter wasn't verbose enough. As far as I remember I set it up in Blowfish anyway. Help and ideas please.

Last edited by OrangeRoot1000 (2010-01-19 23:55:37)

Offline

#2 2010-01-19 23:33:39

ninian
Member
From: United Kingdom
Registered: 2008-02-24
Posts: 726
Website

Re: Encfs/Fuse problems **SOLVED!!!!!** ALWAYS MAKE BACKUPS!!!

I use Encfs for encrypting all my laptop data and (fingers crossed) it hasn't let me down yet, but your story is rather alarming. You don't by any chance have a problem with the .encfs6.xml (or maybe .encfs5.xml) file in your Encfs 'root' directory? Since this file contains all the juicy information about the filesystem, it would create havoc if something went wrong with it. Just an idea, and reminds me to back that file up! roll

Offline

#3 2010-01-19 23:54:40

OrangeRoot1000
Member
From: TN -- USA
Registered: 2008-08-07
Posts: 106
Website

Re: Encfs/Fuse problems **SOLVED!!!!!** ALWAYS MAKE BACKUPS!!!

Actually it is alarming and it appears from the Debian lists that its OpenSSL and AES not playing nice somehow. I have used Fuse/Encfs for about 2 years now and love it. There are quite a few Fuse Modules to play with in the repos.

I'm seriously thinking about Truecrypt because it looks all self contained and loads itself into the kernel as a module. It is "free" licensing, but owned by a company that if at last read is a USA company which means it has to submit a "backdoor" to the spooks. If that is true or if I need to go put my stock in black helicopters I don't know.

BUT I do have good news. Don't let anyone tell you not to make backups before major changes!

Let me say it again... MAKE BACKUPS.... rsync is actually nice because keeps any linking, permissions, etc inside of the encrypted container. I don't recommend the compression switch. But another nice thing is that it has a delete switch on its checksum/time checker mechanism. Thats what saved my ass. The encfsctl showcruft app was showing about 10 different areas not right inside the encrypted container INCLUDING my xml. That xml file is what makes or breaks your day. If its lost, damaged or destroyed. You are screwed!!! So I'm all good again and I turned off the timer close container switch. Which has been the only thing I have introduced recently. Maybe I had some open files or something and the container didn't umount properly.


VampirePenguin

Offline

#4 2010-01-20 00:06:24

ninian
Member
From: United Kingdom
Registered: 2008-02-24
Posts: 726
Website

Re: Encfs/Fuse problems **SOLVED!!!!!** ALWAYS MAKE BACKUPS!!!

Many thanks for the update and the additional very interesting information.
I'd forgotten that the 'encfsctl showcruft' command could help to track down problems.
I use Truecrypt on USB flash drives, accessing them both via Linux and Windows. It has worked well for me, but having to predefine the size of the storage isn't so flexible. That's why I was so attracted to Encfs because of its file by file approach (but of course it's not for Windows). Especially with flash drives, the closing of containers and unmounting of drives can, and does fail, from time to time. I was lucky the last time - corruption only occured in some cache files.

Very glad you overcame such a potentially horrendous situation!
wink

Offline

#5 2010-01-20 00:16:25

OrangeRoot1000
Member
From: TN -- USA
Registered: 2008-08-07
Posts: 106
Website

Re: Encfs/Fuse problems **SOLVED!!!!!** ALWAYS MAKE BACKUPS!!!

For small files I use GPG or Bcrypt. I'm told, that if compression is turned of GPG can be good for large files, but it generates 2 on your hard drive at once so you need the space. Yes the dynamic factor in Fuse is very attractive and is why I like it also.

Offline

Board footer

Powered by FluxBB