Epic Fail: Linux Encryption App, Cryptkeeper, Has Universal Password “p”

Short Bytes: Cryptkeeper is a popular Linux encryption application that’s used to encrypt your valuable data. But it’s not as safe as you think. A recently discovered bug allows universal decryption using the single-letter password “p.” Debian developer Simon McVittie has advised the dev team to take it out of Debian altogether.

Encryption apps are supposed to act as an extra, solid layer of security for protecting your data. But what if the encryption app installed on your operating system is not as safe as you expect it to be? A developer recently made just such a discovery.

Cryptkeeper is a popular Linux encryption app that, surprisingly, allows universal decryption using a single letter password “p.” This Cryptkeeper version with the flaw was found in Debian 9, which is currently in testing. Developer Kirill Tkhai discovered the flaw.

Debian developer Simon McVittie writes that it might be happening due to an adverse interaction with encfs’ command line interface. With a simulated pressing of “p”, Cryptkeeper invokes encfs and sets the password to just the letter “p.”

It was also noticed that Cryptkeeper doesn’t check what write() and close() return while interacting with encfs, which probably leads to unexpected results.
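To show what checking those return values looks like, here is an added example (not Cryptkeeper's code, and not from the original article) that sends an answer to a helper process over a pipe and reports failure when the reader has gone away. The function names and the sample string are hypothetical.

```c
/* Added example: checked write()/close() when feeding answers to a helper
 * process over a pipe. Function names are hypothetical, not Cryptkeeper's. */
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>

/* Write the whole buffer, retrying on EINTR and short writes. 0 ok, -1 error. */
int write_all(int fd, const char *buf, size_t len) {
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;              /* e.g. EPIPE: the reader is gone */
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Send one answer and close the pipe; fail if either step fails. */
int send_answer(int fd, const char *answer) {
    int rc = write_all(fd, answer, strlen(answer));
    if (close(fd) < 0) rc = -1;
    return rc;
}

/* Constructed case 1: reader is alive, bytes arrive intact. Returns 0. */
int demo_reader_alive(void) {
    int p[2]; char got[16] = {0};
    if (pipe(p) < 0) return -2;
    int rc = send_answer(p[1], "secret\n");
    ssize_t n = read(p[0], got, sizeof got - 1);
    close(p[0]);
    return (rc == 0 && n == 7 && strcmp(got, "secret\n") == 0) ? 0 : -1;
}

/* Constructed case 2: reader already closed; the failure must surface. Returns -1. */
int demo_reader_gone(void) {
    int p[2];
    if (pipe(p) < 0) return -2;
    signal(SIGPIPE, SIG_IGN);       /* get EPIPE instead of being killed */
    close(p[0]);
    return send_answer(p[1], "secret\n");
}

int main(void) { return (demo_reader_alive() == 0 && demo_reader_gone() == -1) ? 0 : 1; }
```

A caller that ignores the -1 in the second case would carry on as if the helper had received the intended input.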

McVittie has advised the developer team to remove Cryptkeeper. I guess it’s best to have it eliminated instead of providing a false sense of security.

What are your thoughts on the current state of Linux security? Don’t forget to add your views and feedback.
