David Rosenstrauch wrote:
Tom K wrote:
David Rosenstrauch wrote:
Tom,
I use EncFS pretty extensively, so I can assist you with testing if you need.
DR
Thanks David.
Get it here for now: http://www.archlinux.org/~tom/packages/openssl-0.9.8e-3.pkg.tar.gz PKGBUILD and patch here: http://www.archlinux.org/~tom/packages/openssl/
I've asked the original reporter for details on the known OpenSSL/Blowfish problem, for inclusion in Arch News etc.
T.
Hi Tom. I just upgraded and tested.
It's basically like Valient's mail said - the encrypted directory that I made with the broken version of openssl-0.9.8e was now unreadable with the new fixed version:
[darose@davidrlin pr]$ encfssh .d2 d2 EncFS Password: Error decoding volume key, password incorrect encfs failed
But, like I did when we upgraded to the broken version in the first place (http://archlinux.org/pipermail/arch/2007-March/013925.html) I just deleted the bad encrypted directory and then recreated it. (I keep the contents in a RCS, so it's easy for me to just pull them from there again.) In retrospect, hat wasn't necessarily the correct thing for me to do. Other people commented that they just remained downgraded on openssl-0.9.8d. That avoided the bug, and let them keep using their existing encrypted directories. But since recreating the directory was no big deal, that worked for me.
Anyway, after I whacked and recreated the directory, encfs seems to be working fine. I'm able to unmount the encrypted directory and then mount it again without a problem.
So I think the fix is fine. Only caveat is that, like Valient said, anyone who's created any encrypted directories using the broken version will need to whack them and start again. You might want to reference Valient's email and/or this Arch email thread (http://archlinux.org/pipermail/arch/2007-March/013924.html) in whatever communication you send about the issue.
Hope this helps. Any further questions, or need me to do any more testing, please feel free to write back.
DR
Many thanks for the comprehensive reply, David. I'm still waiting to hear from Valient regarding his tests, but I'll put the fixed package into testing anyway, with appropriate accompanying messages. T.