On Mon, Sep 24, 2007 at 05:49:16PM -0400, Thomas Harning Jr. wrote: > Have there been any benchmarks performed on a machine w/ ecryptfs, > encfs, and potentially the block-level options?
Not formally. Informally, some people have reported noticeable improvements when using eCryptfs for tasks that they previously used EncFS to perform. > Basically what's currently needed in my case is a lightweight crypto > solution thats fast. dm-crypt is probably the absolute fastest option, since it entails the least amount of overhead (it's not a filesystem, after all). It also gives you the least amount of flexibility, but if all you want is raw speed, it might be your best option. > If the options could support 'dummy' data (ex: mount over same > location but w/ diff password results in different data) that would > be a cool bonus. It sounds like you are looking for something more like TrueCrypt. > Also.... is there any plan to support sparse files? Not in the near future. The fact that a particular region is sparse could leak information. Consider, for instance, a database file where one region is filled in if a patient has a viral infection, another is filled in if the patient has diabetes, etc. > Looking at the LRW block-encryption algorithm, it seems like that > would be the method to use since it allows you to modify > single-chunks in a chain w/o having to worry about updating the > entire block it resides in. eCryptfs could be made to handle sparse regions by treating chunks of encrypted extents with all 0's as sparse extents, keeping metadata in the header in the (extremely) unlikely event that some real data extent actually encrypts to all 0's. But if you really want sparse files, you probably should be using something like dm-crypt or TrueCrypt instead, since that will guarantee that you won't leak information. Perhaps I will add sparse file support to eCryptfs at some point, allowing a user to enable it with a mount option, if the user is going to work with data that is not vulnerable to cryptanalysis based on known sparse regions. Mike
pgpBGWuuF2JBV.pgp
Description: PGP signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ eCryptfs-users mailing list eCryptfs-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ecryptfs-users
