I'm in the process of doing some maintenace on my desktop at home, including moving from a single disk to a RAID-1 environment. As part of this, I was wondering if it's a good idea to migrate from dm-crypt/LUKS (my current method, been using it since I was using Gentoo a few years back) to eCryptfs. Before I do this, I had a few questions regarding eCryptfs I haven't seen answered online. Specifically, has the security of eCryptfs been audited much? I'm not storing anything super-sensitive, but I do have financial records and other personal information that I'd like to keep secure. Secondly, is there a way to prevent encryption on a subset of my home directory? I don't see a need for my .wine (World of Warcraft, tbh) and VirtualBox Disk Images to be encrypted (seems like an unnecessary performance hit). Third, are acls/xattrs supported on an ecryptfs mounted system? I understand the information may be passed through to the underlying file system.
My general plan is this: 1. Full backup of $HOME 2. Install new HD, create degraded RAID-1. 3. Slice new RAID with LVM (I like to keep /home separate in case of reinstall) 4. Setup new $HOME with ecryptfs as detailed in http://www.linux-mag.com/id/7568/2/ 5. Rsync old HD to new from a LiveCD 6. Readd old HD as "replacement" member for RAID-1. It seems like this is the ideal time to move from LUKS to eCryptfs. My main motivation for moving is not having to have a defined size for my partition. My understanding is that with eCryptfs, I should have no problems resizing /home using LVM/resize2fs. Is there any reason not to switch? Thanks in advance, David -- David Tomaschik, RHCE System Administrator/Developer http://tuxteam.com GPG: 0x6D428695
_______________________________________________ Mailing list: https://launchpad.net/~ecryptfs-users Post to : [email protected] Unsubscribe : https://launchpad.net/~ecryptfs-users More help : https://help.launchpad.net/ListHelp
