encfs Unable to find cipher ssl/blowfish-v0.2, version 2:0:1

Bug #234818 reported by Fernando Miguel
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Release Notes for Ubuntu
Fix Released
Undecided
Robbie Williamson
encfs (Ubuntu)
Incomplete
Undecided
Unassigned

Bug Description

Binary package hint: encfs

after I upgraded encsfs to intrepid version I get this error:

~$ encfs /mnt/.crypt/ /mnt/crypt
18:59:57 (FileUtils.cpp:1343) Unable to find cipher ssl/blowfish-v0.2, version 2:0:1
The requested cipher interface is not available

stable (hardy) version: 1.3.2.1-1
Intrepid version: 1.4.1.1-2

Revision history for this message
Valient Gough (vgough) wrote :

Sorry, but that algorithm has been out of date for years. It was replaced a long time ago and backward-compatibility was finally dropped in 1.4.x.

You will need to use an old version of encfs to be able to read the volume.

Changed in encfs:
status: New → Invalid
Revision history for this message
Fernando Miguel (fernandomiguel) wrote :

thanks for the fast reply.
I didnt see any notification on the changelog when I installed.
Shouldnt this be there?
Users upgrading from hardy, or older versions will face this problem.

My volume was freshly created on Hardy, so if encfs uses such an old algorithm, it should be fixed, so that new volumes use current algorithm, right?

Thanks once again. I'll migrate EVERY data on the old volume to a new one created with the new version.

Changed in encfs:
status: Invalid → New
Changed in encfs:
status: New → Confirmed
Revision history for this message
reagle (joseph.reagle) wrote :

I'm glad I saw this as it could be a potential (big) problem. All my partitions were created with Hardy standard mode which uses the following settings:

Version 5 configuration; created by EncFS 1.2.5 (revision 20040813)
Filesystem cipher: "ssl/blowfish", version 2:1:1
Filename encoding: "nameio/block", version 3:0:1
Key Size: 160 bits
Block Size: 512 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.

Will this no longer work? Before I upgrade, do I have to create manually migrate my encfs directories? What's the standard mode in Intrepid?

Revision history for this message
Fernando Miguel (fernandomiguel) wrote :

AFAIK you will have to do it manually.
I'm emailing ubuntu-devel to see if I can raise this problem before release. Yes I know we are short on time.

Revision history for this message
Robbie Williamson (robbiew) wrote :

Documented this issue in the Intrepid release notes.

Changed in ubuntu-release-notes:
assignee: nobody → robbie.w
status: New → Fix Released
Revision history for this message
Valient Gough (vgough) wrote :

reagle: No, you don't have to do anything. This only affects encfs partitions from before Feb 2004 - prior to encfs 1.0 release.

Revision history for this message
Fernando Miguel (fernandomiguel) wrote :

Valient my system was installed on a clean Hardy install and then updated to Ibex during alpha.
I could not access my encfs volume.
I had to downgrade encfs package, and then migrate the data.

Revision history for this message
Fernando Miguel (fernandomiguel) wrote :

From LP

Jaunty (1.4.2-2): universe/utils
Intrepid (1.4.2-2): universe/utils
Hardy (1.3.2-1-1): universe/utils
Gutsy (1.3.2-1-1): universe/utils
Dapper (1.2.5-1-1): universe/utils

Revision history for this message
Fernando Miguel (fernandomiguel) wrote :

I saved my debs. Here are the versions:
encfs_1.3.2-1-1_amd64.deb
encfs_1.4.1.1-2_amd64.deb

this is the same info I placed on the first comment.

Revision history for this message
Valient Gough (vgough) wrote :

My apologies. Could the Hardy packages have been built with an old version of OpenSSL (pre 0.9.7)?

Encfs 1.0 switched to using new EVP methods in OpenSSL, which required OpenSSL 0.9.7 or later. If encfs was built with earlier versions of OpenSSL, or versions with broken EVP interfaces (?), then only the pre-1.0 cipher would be available.

It hadn't occurred to me that new filesystems were still being created using pre-1.0 settings. Encfs should have been generating a big run-time warning all these years to warn people that they were using deprecated options, rather then a small compile-time warning which only maintainers would have seen.

Revision history for this message
JC Hulce (soaringsky) wrote :

This bug has not been updated in a long time. Does it still exist?

Changed in encfs (Ubuntu):
status: Confirmed → Incomplete
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.