ecryptfs-users team mailing list archive
-
ecryptfs-users team
-
Mailing list archive
-
Message #00026
Migrating from LUKS?
I'm in the process of doing some maintenace on my desktop at home, including
moving from a single disk to a RAID-1 environment. As part of this, I was
wondering if it's a good idea to migrate from dm-crypt/LUKS (my current
method, been using it since I was using Gentoo a few years back) to
eCryptfs. Before I do this, I had a few questions regarding eCryptfs I
haven't seen answered online. Specifically, has the security of eCryptfs
been audited much? I'm not storing anything super-sensitive, but I do have
financial records and other personal information that I'd like to keep
secure. Secondly, is there a way to prevent encryption on a subset of my
home directory? I don't see a need for my .wine (World of Warcraft, tbh)
and VirtualBox Disk Images to be encrypted (seems like an unnecessary
performance hit). Third, are acls/xattrs supported on an ecryptfs mounted
system? I understand the information may be passed through to the
underlying file system.
My general plan is this:
1. Full backup of $HOME
2. Install new HD, create degraded RAID-1.
3. Slice new RAID with LVM (I like to keep /home separate in case of
reinstall)
4. Setup new $HOME with ecryptfs as detailed in
http://www.linux-mag.com/id/7568/2/
5. Rsync old HD to new from a LiveCD
6. Readd old HD as "replacement" member for RAID-1.
It seems like this is the ideal time to move from LUKS to eCryptfs. My main
motivation for moving is not having to have a defined size for my
partition. My understanding is that with eCryptfs, I should have no
problems resizing /home using LVM/resize2fs. Is there any reason not to
switch?
Thanks in advance,
David
--
David Tomaschik, RHCE
System Administrator/Developer
http://tuxteam.com
GPG: 0x6D428695
Follow ups