You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
EncFS uses Mac-then-Encrypt. Therefore it is possible for any processing done on the decrypted plaintext before the MAC is checked to leak information about it, in a style similar to a padding oracle vulnerability. EncFS doesn't use padding, but the MAC code does iteratively check if the entire block is zero, so the number of leading zero bytes in the plaintext is leaked by the execution time.
3.1 from audit: https://defuse.ca/audits/encfs.htm
EncFS uses Mac-then-Encrypt. Therefore it is possible for any processing done on the decrypted plaintext before the MAC is checked to leak information about it, in a style similar to a padding oracle vulnerability. EncFS doesn't use padding, but the MAC code does iteratively check if the entire block is zero, so the number of leading zero bytes in the plaintext is leaked by the execution time.
Mirror from upstream: vgough#17
The text was updated successfully, but these errors were encountered: