notes

Personal notes
git clone git://git.laack.co/notes.git

commit 39eebee367ee6d07cf896aea83953e70a3d6b359
parent 52e530dac4f96ecc4db797ef14c9dfde68435b33
Author: Andrew Laack <andrew@laack.co>
Date:   Fri,  1 May 2026 00:12:52 -0500

Took notes on cryptomator, cryfs, and watermarking attacks

Diffstat:
M docs/ComputerScience.md | 1 +
A docs/CryFS.md | 19 +++++++++++++++++++
A docs/Cryptomator.md | 15 +++++++++++++++
M docs/Cybersecurity.md | 10 +++-------
M docs/SelfHosting.md | 6 ++++++
A docs/WatermarkingAttack.md | 7 +++++++
6 files changed, 51 insertions(+), 7 deletions(-)

diff --git a/docs/ComputerScience.md b/docs/ComputerScience.md @@ -29,6 +29,7 @@ This is the index for my Computer Science related notes. - [Software](Software.md) - [Code Verification](CodeVerification.md) - [Beam Search](BeamSearch.md) +- [Cybersecurity](Cybersecurity.md) ## Forced to Take Notes on diff --git a/docs/CryFS.md b/docs/CryFS.md @@ -0,0 +1,19 @@ +# CryFS + +## Description + +CryFS performs client-side encryption of files, frequently used to secure files backed up to remote storage solutions. + +The following information is leaked by CryFS to the system storing the encrypted data: + +1. Data size / change sizes + +Relative to [Cryptomator](Cryptomator.md), CryFS provides better privacy by limiting visible metadata, but can be slower and doesn't support concurrent accesses from multiple devices. + +With CryFS: + +> An attacker sees only uniformly-sized encrypted blocks with no visible organization + +[https://www.cryfs.org/comparison](https://www.cryfs.org/comparison) + +One concern is by backing up, say, 1.76Gb more data to a cloud server it can be quite obvious what that data might be in the context of what you are doing. Depending on your threat model, backing up dummy data alongside real data may be warranted. diff --git a/docs/Cryptomator.md b/docs/Cryptomator.md 
@@ -0,0 +1,15 @@ +# Cryptomator + +**Source:** [https://docs.cryptomator.org/security/architecture/](https://docs.cryptomator.org/security/architecture/) + +## Description + +Cryptomator performs client-side encryption of files, frequently used to secure files backed up to remote storage solutions. + +Vaults are defined in Cryptomator as a location for encrypted files to reside. When a vault is unlocked you can view unencrypted files in `~/.local/share/Cryptomator/mnt/{vault-name}`, by default. By default, Cryptomator uses FUSE to give a view into the unencrypted files without them being decrypted on disk (obviously page files may be written to disk on specific systems, in a different location, so be cognizant of that). + +The following information is leaked by Cryptomator to the system storing the encrypted data: + +1. Number of files per directory +2. File sizes +3. Data size / change sizes diff --git a/docs/Cybersecurity.md b/docs/Cybersecurity.md @@ -1,11 +1,7 @@ # Cybersecurity -**Source:** Cryptography and Network Security - -**Chapter:** 1.1 - - - **Definition:** Protection of information stored, transmitted, and processed on computing devices. -Protection encompasses confidentiality, integrity, availability, authenticity, and accountability. +## Links + +- [Watermarking Attack](WatermarkingAttack.md) diff --git a/docs/SelfHosting.md b/docs/SelfHosting.md @@ -16,6 +16,12 @@ This is the index for self hosting information. - [Git Hosting](GitHosting.md) - [VPS](VPS.md) +## Transparent FS Encryption + +- [Cryptomator](Cryptomator.md) +- [CryFS](CryFS.md) + ## Other Utilities - [Uptime Kuma](UptimeKuma.md) + diff --git a/docs/WatermarkingAttack.md b/docs/WatermarkingAttack.md 
@@ -0,0 +1,7 @@ +# Watermarking Attack + +**Source:** [https://en.wikipedia.org/wiki/Watermarking_attack](https://en.wikipedia.org/wiki/Watermarking_attack) + +**Definition:** A watermarking attack is a disk encryption attack where the existence of a piece of data can be detected by an attacked without knowing the encryption key. + +This is especially relevant for disk encryption tools where attacker controlled files may exist in the encrypted data, potentially leading to their existence being visible without the ability to decrypt the data.
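
Review bot: In docs/CryFS.md the closing paragraph writes the size as "1.76Gb", which reads as gigabits; if bytes are meant, write "1.76 GB". The file also carries its only reference (the cryfs.org comparison link) below the quote, while Cryptomator.md and WatermarkingAttack.md open with a "**Source:**" line; adding one here would show whether the leak list and the statement about concurrent access from multiple devices come from that same page.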
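
Review bot: In docs/Cryptomator.md the vault paragraph gives the mount path `~/.local/share/Cryptomator/mnt/{vault-name}` without saying which platform it applies to, and "by default" appears twice in a row around it. The parenthetical "obviously page files may be written to disk" carries the real caveat of the note; consider dropping "obviously" and stating it as its own sentence, so it is clear that plaintext from an unlocked vault can still reach disk outside the vault.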
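
Review bot: In docs/Cybersecurity.md the hunk keeps the "**Definition:**" line but deletes the "**Source:** Cryptography and Network Security" and "**Chapter:** 1.1" lines above it, which leaves the definition uncited; keep the source line. The deleted sentence listing confidentiality, integrity, availability, authenticity, and accountability is not moved anywhere else in this commit, so restore it under the definition unless dropping it was intended.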
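
Review bot: In docs/WatermarkingAttack.md the definition line has a typo, "detected by an attacked", which should read "attacker". In the paragraph after it, "attacker controlled files" should be hyphenated as "attacker-controlled files".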