ecryptfs-users team mailing list archive

[David Tomaschik <david@xxxxxxxxxxx>]

I'm in the process of doing some maintenace on my desktop at home, including
moving from a single disk to a RAID-1 environment.  As part of this, I was
wondering if it's a good idea to migrate from dm-crypt/LUKS (my current
method, been using it since I was using Gentoo a few years back) to
eCryptfs.  Before I do this, I had a few questions regarding eCryptfs I
haven't seen answered online.  Specifically, has the security of eCryptfs
been audited much?  I'm not storing anything super-sensitive, but I do have
financial records and other personal information that I'd like to keep
secure.  Secondly, is there a way to prevent encryption on a subset of my
home directory?  I don't see a need for my .wine (World of Warcraft, tbh)
and VirtualBox Disk Images to be encrypted (seems like an unnecessary
performance hit).  Third, are acls/xattrs supported on an ecryptfs mounted
system?  I understand the information may be passed through to the
underlying file system.

My general plan is this:
1. Full backup of $HOME
2. Install new HD, create degraded RAID-1.
3. Slice new RAID with LVM (I like to keep /home separate in case of
reinstall)
4. Setup new $HOME with ecryptfs as detailed in
http://www.linux-mag.com/id/7568/2/
5. Rsync old HD to new from a LiveCD
6. Readd old HD as "replacement" member for RAID-1.

It seems like this is the ideal time to move from LUKS to eCryptfs.  My main
motivation for moving is not having to have a defined size for my
partition.  My understanding is that with eCryptfs, I should have no
problems resizing /home using LVM/resize2fs.  Is there any reason not to
switch?

Thanks in advance,
David

-- 
David Tomaschik, RHCE
System Administrator/Developer
http://tuxteam.com
GPG: 0x6D428695