Closed ghost closed 7 years ago
One more thing.. this is the .encfs6.xml file associated with this volume:
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE boost_serialization>
<boost_serialization signature="serialization::archive" version="14">
<cfg class_id="0" tracking_level="0" version="20">
<version>20100713</version>
<creator>EncFS 1.8.1</creator>
<cipherAlg class_id="1" tracking_level="0" version="0">
<name>ssl/aes</name>
<major>3</major>
<minor>0</minor>
</cipherAlg>
<nameAlg>
<name>nameio/stream</name>
<major>2</major>
<minor>1</minor>
</nameAlg>
<keySize>256</keySize>
<blockSize>1024</blockSize>
<uniqueIV>0</uniqueIV>
<chainedNameIV>0</chainedNameIV>
<externalIVChaining>0</externalIVChaining>
<blockMACBytes>0</blockMACBytes>
<blockMACRandBytes>0</blockMACRandBytes>
<allowHoles>1</allowHoles>
<encodedKeySize>52</encodedKeySize>
<encodedKeyData>
ie68ekS+YLtwmhM39r/pd0GrbAJLcG2aB9p5ERspLl0XKE84jiu5z6fffa8KRRfKYy0oXg==
</encodedKeyData>
<saltLen>20</saltLen>
<saltData>
dme+3C36j51pZUEAO8rtuWXPiHk=
</saltData>
<kdfIterations>219920</kdfIterations>
<desiredKDFDuration>500</desiredKDFDuration>
</cfg>
</boost_serialization>
update: I just tried to mount the volume on Ubuntu, which comes packaged with the same version of encfs I used originally to encrypt the files (1.8.1) and the same thing happens.. so this is not version nor mac specific it would seem .. :-/
ok.. I do have a theory what might be happening.. if the key in .encfs6.xml changed somehow .. that would cause this problem, correct?. But I haven't touched this file and this had been working the whole time on my previous laptop.. I just lost the laptop, re synced the box folder and now it is different?.. I am going nuts here :-(
ok.. after a lot of investigation it seems that the problem was indeed that I managed to create an alternative .encfs6.xml on an old machine a while ago, but this folder was never synced with the cloud service (box). So this was "a time bomb". I used this folder for years then on a newer computer, and it always worked fine, until this newer computer got stolen and I turned on the old computer.. which then caused the "poisoned" .enc6xml to be synced with the cloud and overwrote the keys, with which all the files in the directory were encrypted.
Thru sheer luck I was able to dig the old .enc6xml out of a hard backup lying in some basement in another country .. so i got my data back. But yeah.. users beware of this "gotcha".. or is that a feature?.. one can rig a "data bomb" which makes all data inaccessible should a "trap" computer be activated :-)
Hi,
I am having the following issue with a previously created encfs volume. I lost my laptop and now I am trying to recover my encrypted files out of a Box synced folder. I see the encrypted files on the synced folder.. i.e:
on the mounted volume, I see however:
just one file.. looking at the inode number, one can see the corresponding file in the encrypted folder.. namely:
30452353 -rw-r--r-- 1 erick staff 0 7 Jun 2016 CDeDbdfPGplEg,
but all other files are nowhere to be seen.I mounted the volume enabling debug and so on and I don't see anything "suspicious".. other than that "Attribute not found" error which my instinct tells me it might just be noise.. either way pls take a look at the following logs (somewhat edited for brevity)
Some details about the creation of this volume one or two years ago, I can't remember.. I followed a guide online to create a Boxcryptor compatible volume with the following settings:
AES 256 encryption with 1024 byte block size, stream filename encoding, no filename initialization vector chaining, no per-file initialization vectors, no external chained IV, no random bytes to each block header. file-hole pass-through is enabled.
I highlighted the stream encoding cause I know there are some issues related to case insensitive filesystems and what not.. at the time there was no base32 encoding I believe. Anyway, just mentioning in case it is relevant.
The version I am using right now is 1.9.1 on Mac OS X Sierra btw.
Your help in recovering these files would be greatly appreciated! Thanks in advance.