Re: ecryptfs alternatives
On Wed, Dec 11, 2013 at 10:33:34PM +0100, Michał Piotrowski wrote: The beauty of ecryptfs is that I can encrypt one dir - not whole file system. What's the concern with encrypting the whole filesystem? It's better for you because you leave significant personal information all over the disk, eg in log files in /var/log, in /etc files. Performance- wise it's not IMHO noticeable. I use ecryptfs for Dropbox synchronization. I let it synchronize the encrypted folder and decrypt it on my clients. Very useful. A simple and convenient way how to synchronize private data. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: ecryptfs alternatives
2013/12/18 Kamil Paral kpa...@redhat.com On Wed, Dec 11, 2013 at 10:33:34PM +0100, Michał Piotrowski wrote: The beauty of ecryptfs is that I can encrypt one dir - not whole file system. What's the concern with encrypting the whole filesystem? It's better for you because you leave significant personal information all over the disk, eg in log files in /var/log, in /etc files. Performance- wise it's not IMHO noticeable. I use ecryptfs for Dropbox synchronization. I let it synchronize the encrypted folder and decrypt it on my clients. Very useful. A simple and convenient way how to synchronize private data. There is another use case: Michal wants to store backups of his backups on his fiancee hdd. Ewelina uses her hdd in her work place so there is a possibility that someone can steal the data. Michal can encrypt his data without encrypting the whole hdd so Ewelina can use it to her normal work. Of course this can be done with gpg2, but ecryptfs is a lot easier to use. It's OT here, but what are the reasons why RH drops support for ecryptfs? Ecryptfs seems to be more user friendly for encrypting data on btrfs than using dm-crypt on each drive. For example - you have a btrfs that uses 3 different hdd's - AFAIU you need to enter password for each hdd before mounting filesystem. -- Best regards, Michal http://eventhorizon.pl/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: ecryptfs alternatives
On Wed, Dec 18, 2013 at 05:02:47PM +0100, Michał Piotrowski wrote: Ecryptfs seems to be more user friendly for encrypting data on btrfs than using dm-crypt on each drive. For example - you have a btrfs that uses 3 different hdd's - AFAIU you need to enter password for each hdd before mounting filesystem. At least when set up through Anaconda that's not the case. You are asked for the passphrase only once. I don't know what exactly it is Anaconda is doing here but it's definitely nice. On most other distributions you really do have to enter the passphrase multiple times, once for each device listed in crypttab. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: ecryptfs alternatives
On Wed, Dec 11, 2013 at 10:33:34PM +0100, Michał Piotrowski wrote: The beauty of ecryptfs is that I can encrypt one dir - not whole file system. What's the concern with encrypting the whole filesystem? It's better for you because you leave significant personal information all over the disk, eg in log files in /var/log, in /etc files. Performance- wise it's not IMHO noticeable. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into KVM guests. http://libguestfs.org/virt-v2v -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: ecryptfs alternatives
On Thu, Dec 12, 2013 at 15:17:33 +, Richard W.M. Jones rjo...@redhat.com wrote: On Wed, Dec 11, 2013 at 10:33:34PM +0100, Michał Piotrowski wrote: The beauty of ecryptfs is that I can encrypt one dir - not whole file system. What's the concern with encrypting the whole filesystem? It's better for you because you leave significant personal information all over the disk, eg in log files in /var/log, in /etc files. Performance- wise it's not IMHO noticeable. On a multi-user system one might be worried about some threats from other users that might be mitigated by encrypting directories. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: ecryptfs alternatives
Hi, 2013/12/12 Bruno Wolff III br...@wolff.to On Thu, Dec 12, 2013 at 15:17:33 +, Richard W.M. Jones rjo...@redhat.com wrote: On Wed, Dec 11, 2013 at 10:33:34PM +0100, Michał Piotrowski wrote: The beauty of ecryptfs is that I can encrypt one dir - not whole file system. What's the concern with encrypting the whole filesystem? It's better for you because you leave significant personal information all over the disk, eg in log files in /var/log, in /etc files. I'm aware of this, but I'm not so paranoid :) Performance- wise it's not IMHO noticeable. On a multi-user system one might be worried about some threats from other users that might be mitigated by encrypting directories. That was the use case when I started to use ecryptfs 4.5 years ago. Currently I can use full disc encryption for my data. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct -- Best regards, Michal http://eventhorizon.pl/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: ecryptfs alternatives
2013/12/11 Michał Piotrowski mkkp...@gmail.com: Hi, I have read in RHEL 7 beta release notes that ecryptfs will be deprecated in this release. The problem is that I've got a system on Fedora19 (which I want to move to EL7 after release) with some encrypted data. I'm looking for realiable alternative to ecryptfs that will work on EL7 out of box or will be relatively easy to build (without rebuilding kernel modules every update). Can you recommend any solutions? dm-crypt. Also compatible with TrueCrypt (via external userspace utility - tc-play). -- With best regards, Peter Lemenkov. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: ecryptfs alternatives
Hi, 2013/12/11 Peter Lemenkov lemen...@gmail.com 2013/12/11 Michał Piotrowski mkkp...@gmail.com: Hi, I have read in RHEL 7 beta release notes that ecryptfs will be deprecated in this release. The problem is that I've got a system on Fedora19 (which I want to move to EL7 after release) with some encrypted data. I'm looking for realiable alternative to ecryptfs that will work on EL7 out of box or will be relatively easy to build (without rebuilding kernel modules every update). Can you recommend any solutions? dm-crypt. Also compatible with TrueCrypt (via external userspace utility - tc-play). The beauty of ecryptfs is that I can encrypt one dir - not whole file system. -- With best regards, Peter Lemenkov. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct -- Best regards, Michal http://eventhorizon.pl/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct