Some 6 months ago I wrote about file-system encryption on GNU/Linux and my software of choice, eCryptfs. The entry was followed by an article describing my setup, which I updated today. I learned from my mistakes and those of others, and the article now introduces a pretty different setup. Besides these changes I also did minor updates from time to time, like adding information on two-factor authentication and tmpfs with the purpose of further securing your setup. If you by any chance followed my initial article, converting your current setup can be done in minutes. If you haven't already found your own path to a better practice.

Ubuntu stays the only distribution with a completely integrated eCryptfs setup. Integration in their last release is excellent. I spent a lot of time with eCryptfs and Ubuntu developers, and learning from their experience was invaluable. I also saw a lot of Ubuntu users who lost their data (by their own fault). Which brings me to the stability and reliability of eCryptfs.

I must say that living with eCryptfs was excellent. It is reliable and the performance hit was always minimal. At the time I started using it the only published benchmark was from Phoronix. Results were pretty good; most of the time the performance impact was less than 2%. Last week they published an updated benchmark and this time the results are not looking too good. I can't say what happened; I never noticed it in my own day-to-day operation, but Phoronix is more or less a credible source. It could be worse though: just days ago LUKS users were locked out of their homes.

Linux Magazine published a big article on eCryptfs just yesterday. It was written by Dustin Kirkland, an eCryptfs developer, and it's one of the best on the subject.