Filename encryption unusable

jensen75

Recently I purchased the Ultimate edition to have filename encryption. However, the feature is unusable for me. The encrypted filenames are way too long (i.e over 260 characters) and there is little I can do about it as the problematic files usually come from repositories (e.g. Mercurial), backup software and other libraries, where it is impossible for me to influence the name of the file path.

A ratio of 1.5 means that the actual filename cannot be longer than 173 character, which is quite short, and often exceeded. Yes, I am aware that it is Windows that has the ridiculous 260 length limit, but at least it is better than 173.

I am not an expert on the cryptographic strength of any encryption scheme that does not blow up the filename length, but I think BoxCryptor is in urgent need of some sort of filename encryption that doesn't increase the length! Even if the option of adding a relatively weak encryption of the filenames would be made possible, I would definitely use it over no encryption at all! For my proposes the main idea is to prevent nosy people (in say my office) from browsing around my files on a shared file system, not to prevent NSA from mapping out who am I, what I did when, what, and so on. Of course I want the *contents* of the files to be strongly encrypted.

Will there be any support for some sort of length preserving filename encryption? At the moment I would not recommend anyone purchasing the application until the filename issue has been resolved.

Robert

Hi,

First of, thanks your purchasing the Unlimited version and supporting our development efforts. We are aware that the increase in filename length due to filename encryption is a problem for some of our users. And of course, we're thinking about counter-measures and ways to minimize the overhead and also already working on some of them.

Are you using BoxCryptor in combination with a cloud storage provider or "just" to encrypt files locally on your hardware? Because if you don't need to restrict the path length to 260 characters, you can enable long path support in the Advanced Options of a BoxCryptor Drive. Then, BoxCryptor will allow to create encrypted files with paths up to ~32.000 characters. But be aware that providers like Dropbox, Google Drive or SkyDrive do not sync files with path lengths > 260 characters.

Best regards,
Robert

jensen75

Thanks for the reply. Sorry, I did forget to mention that I am using BoxCryptor with Dropbox, and files with long names will not synchronize. There is no error message - only that some files won't be transferred between computers. If I disable long filenames in BoxCryptor, I on the other hand run into an error each time a file with a long name is created, which happens all the time outside of my control as many files are created through a backup program, cloned from Bitbucket, and similar.

I appreciate that you are considering (and hopefully working on) a solution to the filename issue. I can see there are cryptographic issues associated with it, but hopefully there will be some solution at some point. This would be much welcomed!

Jensen

FrankGfromW

@jensen75: +1
@Robert: How often has filename scrambling already been requested as a feature? (rhetoric question)
Why don't you finally implement it? Filenames were equal length as clear text but wouldn't be (easily) readable to the hoster.
Why do I have to choose between the plague (clear text file names) and cholera (lost files due too long pathes)?
Please leave the choice about (required) security levels at the user.
Thank you.

Robert

First, this is the first request I have ever read to add filename "scrambling". Second, as a small team of ~8 developers we don't have infinite development resources and there a lot of other open issues with higher priorities we're currently working on. As I said, we are aware of this problem and will do our best to solve it as soon as possible.

--Robert

CC

@Robert

Whatever new filename encryption / scrambling / obfuscating technique is introduced, we hope that there will always be a combination of BC settings possible that result in an encfs compatible encryption, until there is also a BC for Linux ;-) ?

FrankGfromW

@CC: I do object. I rather had a feature that only works on Windows (or on BoxCryptor) and a MsgBox giving a warning if I enable it than to have a compatible program with less options.
In my environment filename scrambling was very helpful to not collide with long paths but still provide some privacy.

jensen75

@CC and
@FrankGfromW:

I think (and hope) that what you both mean is that *both* of the following options should be available:

1. The possibility to encrypt file names that it is compatible with encfs. This is already an option, and the encryption is, as we know, not length preserving.

2. Encrypt file names (*length preserving*) that might not necessarily work with encfs, but would work under say Windows and the tablet apps.

Then the user can choose whatever method they see fit. Currently I am in need of number 2 above, which does not yet exist.