16Aug2007 (UTC +8)

On 8/16/07, Federico Sevilla III <[EMAIL PROTECTED]> wrote:
> Quoting Federico Sevilla III <[EMAIL PROTECTED]>:
> > Quoting "Drexx Laggui [personal]" <[EMAIL PROTECTED]>:
> >> Or should I go with the fast(?) XFS? It's been said it's not suggested
> >> for an encrypted fs, but I really don't know yet.
> >
> > At FS3 we use XFS on top of LVM2 on top of dm-crypt, allowing us to
> > fully encrypt our laptops (except for /boot, which is unencrypted
> > ext3). Your statement above troubles me. Would you be able to share
> > links that provide negative feedback about encryption and XFS, so I can
> > investigate the issue further?
>
> The negative suggestion seems to be when using stacked encryption like
> eCryptFS. Block-level encryption like dm-crypt is filesystem agnostic,
> with the filesystem being on top of the encryption, not the other way
> around, and is therefore much less problematic (if at all).
>
> My understanding is that block-level encryption is much simpler to
> implement, at the cost of a negative performance hit due to the entire
> system needing to go through the encryption/decryption process. We've
> been quite happy with the performance of our encrypted systems,
> though, if that feedback is worth anything.
>
> Federico Sevilla III
> F S 3 Consulting Inc.
> http://www.fs3.ph

Your feedback is much appreciated! I always like those kinds of "war
stories" where people have actually experienced stuff.

Anyway, here's what I've come up with so far on XFS and filesystem
encryption:

http://ecryptfs.sourceforge.net/ecryptfs-faq.html#compatibility

Q. On what filesystems can I expect eCryptfs to function?

A: eCryptfs has been well tested on ext3 and jfs. eCryptfs on xfs may be
problematic because xfs can take up most of the available space for the
call stack. eCryptfs currently has some degree of functionality on CIFS,
and the eCryptfs development team is working with a member of the CIFS
development team to get the kinks worked out. eCryptfs is broken on NFS
for all kernels. Unionfs is also affected, and the Unionfs team is making
good progress at getting the issues with stacking on NFS resolved.

http://www.shimari.com/dm-crypt-on-raid/#risks

"Do not attempt to use a filesystem which journals only metadata (reiser,
XFS) as that will compound the problem" of filesystem corruption because:

1. "Entire blocks of encrypted data are likely to be left undecryptable by
   even a single bit error" and
2. "A RAID partition is likely to experience some loss of data on a power
   failure, since both drives power off simultaneously."

It's also been said that XFS is like a Linux filesystem on steroids. Why is
this so? What made you guys choose XFS (let's say for a while we won't use
encryption)?

Drexx Laggui; CISSP, ACFE Associate, CSA, CCSI; Singapore /Manila /California
http://www.laggui.com (computer forensics, pentesting, QMS & ISMS developers)
PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4 8363 FFEC 3976 FF31 8A4E
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
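
The layering described in the quoted reply (XFS on top of LVM2 on top of dm-crypt, with only /boot left as unencrypted ext3) can be audited from the block-device tree. The script below is an added example, not part of the original thread: it walks `lsblk --json` output and reports any mounted filesystem or swap area with no dm-crypt layer beneath it. The device names, the sample output and the function name `audit_layout` are assumptions made for illustration.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output for a
# laptop laid out as in the thread: XFS on LVM2 on dm-crypt, /boot on plain ext3.
# Device and volume names are invented; sda3 is a deliberately unencrypted extra.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "fstype": "ext3", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
      {"name": "cryptroot", "type": "crypt", "fstype": "LVM2_member", "mountpoint": null, "children": [
        {"name": "vg0-root", "type": "lvm", "fstype": "xfs", "mountpoint": "/"},
        {"name": "vg0-swap", "type": "lvm", "fstype": "swap", "mountpoint": "[SWAP]"}
      ]}
    ]},
    {"name": "sda3", "type": "part", "fstype": "xfs", "mountpoint": "/scratch"}
  ]}
]}
"""

def audit_layout(lsblk_json, allowed_plain=("/boot",)):
    """Return (mountpoint, fstype, stack) for each mounted filesystem or swap
    area that has no dm-crypt layer beneath it, skipping `allowed_plain`."""
    findings = []

    def walk(node, stack):
        # Record this device as "name(type)" so the path from disk to mount is visible.
        stack = stack + [f"{node['name']}({node['type']})"]
        encrypted = any(s.endswith("(crypt)") for s in stack)
        mnt = node.get("mountpoint")
        if mnt and not encrypted and mnt not in allowed_plain:
            findings.append((mnt, node.get("fstype"), " > ".join(stack)))
        for child in node.get("children", []):
            walk(child, stack)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, [])
    return findings

if __name__ == "__main__":
    for mnt, fstype, stack in audit_layout(SAMPLE_LSBLK):
        print(f"UNENCRYPTED {mnt} ({fstype}): {stack}")
```

On a live system the same function can be fed the output of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT`; swap is included in the check because it can hold plaintext pages from memory.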

