On 09.12.2011 21:14, Leonid Isaev wrote:
> I think it's a better idea to have either /var/lib or entire /var on

Of course everyone is free to choose and experiment with the different
available options, but in general I think you don't do anything wrong
when choosing ext4. Besides being the "official" filesystem, which is at
least claimed to be best tested, it will at some point be upgradable to
btrfs without much of a hassle. Looking at the features of btrfs and its
speed right now, I think this will be the best choice at some point.

On 10.12.2011 00:13, Heiko Baums wrote:
> so that nobody can see what's on your
> harddisk except for the kernel, the initrd and the bootloader of

Well that sounds a little bit misguiding for me. Once the device is
"opened" it's totally transparent, so not only the kernel has access to
the data, but also any other running process / program. Of course the
"normal" file permissions are applied, but from the point of view of a
program, which accesses the filesystem on a high(er) level of
abstraction there is totally no difference whether the underlying device
is encrypted or not.

On 10.12.2011 00:32, Leonid Isaev wrote:
> I know. My sensitive data is localized, and I don't care to encrypt
> /usr/bin/firefox. If transparency is needed, I would go with ubuntu's
> ecryptfs. It's simpler, but of course requires FS to be supported by linux.
> Not to say that full disk encryption isn't useful...

As said above LUKS is totally transparent. Of course there is a reason
for so many solutions concerning encryption to exist. However I
personally prefer LUKS (dm-crypt) when it comes to whole drive
encryption. It's quite easy to set up, has proven to be solid, it is even
easy to have the swap partition encrypted and it's quite general in the
Linux world, so you can use it with most (all

If you just want to have some files and/or (home) folders encrypted it
makes perfect sense to use Truecrypt, ecryptfs and/or GnuPG.

However I probably would suggest everyone to go for the whole drive
encryption, unless there are reasons not to do so. Especially on laptops it
makes sense, because they tend to get stolen or lost and in most cases
there is sensitive data on them. Furthermore I don't like the idea to
have everything unencrypted on my hard disk. Hard disks get broken all
the time and I don't want to have some customer service to have access
to my data. Moreover every disk nowadays can reallocate sectors, which
in turn are not so easy to delete / overwrite anymore, because
often it is not documented whether or not a secure erase affects these
sectors as well.

As newer CPUs are fast enough for this little bit of overhead anyway
(especially with hardware support for AES), I don't see any relevant
downsides to encryption. Therefore, personally, I would always choose to
go for it.