Kudos to @Cycor for finding the cause of the long-time mysterious system error 53/67 bug on Windows!
- Fixed system error 53/67 that rarely occurred on some Windows systems, because of a missing registry value (#210)
- Saved password can now be forgotten by deselecting the checkbox (#382) [Windows/Mac]
- WebDAV server keeps running after unlocking a vault even if mounting fails (#393)
- Log files don't contain debug-level information per default anymore, added debug mode in settings (#363)
- On Windows and Mac you can now optionally save your password. This is a preparation for issue #40, one of the most wanted features we're planning for the next minor release. Linux support will follow, as soon as we figured out a standard way to protect saved credentials across most distributions.
- New migration screen preventing accidental migration.
- Cryptomator for macOS will now appear in Dock + Application Switcher, when not minimized to the menu bar icon.
Fixes and Improvements
- Improved speed of directory listing by using a deterministic cleartext size calculation.
- A full list of fixed issues can be found here.
Sadly, we had to drop file size obfuscation support. From this version onwards, there is a bijective function for calculating the cleartext size from the ciphertext size and vice versa.
We always strive to offer the best of both, security and usability. But sometimes we need to find a compromise in order to implement all the features, we're planning for future releases. In the past, we needed to access the first few bytes of a file in order to determine the cleartext file size, which led to
O(n) I/O activities with
n being the number of files per directories. In this case, we decided in favor of
O(1) directory listings, which is especially useful for large directory listings, file size determination via mobile devices, or slow internet connections.
File size obfuscation has never been a cryptographically effective protection against adversaries getting to know the approximate cleartext size. Anything the size of a movie remained the size of a movie and was most likely not mistaken for a text document. Nevertheless, we will miss you. R.I.P.
This release fixes two (related) vulnerabilities allowing malicious Flash files being injected into vaults, that can be executed to "bypass" the SOP and access files from a Flash-enabled browser.
Kudos to @LukasReschke for reporting them!
This also fixes various bugs with Dropbox, Google Drive, Windows drive letters, the Windows Registry and WebDAV access on Linux. A complete list of closed issues is available here.
Mostly a bugfix release for ownCloud users (#288). Directories are now stored with different names to avoid conflicts with the naming scheme of ownCloud in case of synchronization conflicts.
Also a language update including Dutch, English, French, German, Hungarian, Italian, Korean, Russian, Slovak, Spanish and Turkish.
- Password Strength Indicator (#198): Based on Dropbox's zxcvbn. Kudos to @jncharon for implementing this feature.
- Sync Conflict Resolution (#98): When editing a file on multiple devices simultaneously, version conflicts are inevitable. Dropbox, Google Drive, etc. can detect these conflicts and will provide all versions of the affected file. From now on Cryptomator will transparently pass detected conflicts right to the decrypted drive to ensure no version gets lost.
- Several small tweaks and fixes.
Native builds (no Java required) are, as always, available on https://cryptomator.org/