ecryptfs-users team mailing list archive

Re: Migrating from LUKS?

 

On Fri, Feb 5, 2010 at 11:54 AM, David Tomaschik <david@xxxxxxxxxxx> wrote:
> I'm in the process of doing some maintenance on my desktop at home, including
> moving from a single disk to a RAID-1 environment.  As part of this, I was
> wondering if it's a good idea to migrate from dm-crypt/LUKS (my current
> method, been using it since I was using Gentoo a few years back) to
> eCryptfs.  Before I do this, I had a few questions regarding eCryptfs I
> haven't seen answered online.  Specifically, has the security of eCryptfs
> been audited much?  I'm not storing anything super-sensitive, but I do have
> financial records and other personal information that I'd like to keep
> secure.

Hmm, audited much...

Well, there hasn't been any specific audit or security certification,
that I'm aware of.

However, I can say that:

 1) eCryptfs was designed and written by developers in IBM's Linux
Technology Center and IBM Research

 2) Canonical has invested significant effort in enhancing eCryptfs
and making it usable by human beings, and specifically implementing
the Encrypted Home Directory feature; also, it had to pass through a
bit of a security review to be included in Ubuntu main and added to
the Desktop CD

 3) Red Hat backported a modern ecryptfs kernel module and
ecryptfs-utils userspace to the last update to RHEL5, which resulted
in a number of nice bug fixes

 4) I ran a series of "crypto challenges" in my blog, offering prizes
to the first person to crack each of 3 "challenges"; in each case,
brute force was used and no short-cuts were found

 5) Erez Zadok has used eCryptfs in his graduate-level filesystems
class at cs.sunysb.edu, and his students have submitted several minor
fixes to the kernel module

>  Secondly, is there a way to prevent encryption on a subset of my
> home directory?  I don't see a need for my .wine (World of Warcraft, tbh)
> and VirtualBox Disk Images to be encrypted (seems like an unnecessary
> performance hit).

Sure.  Just create a symlink to a non-encrypted directory.

I store all of my development source code and trees under
/local/source.  In my home directory, I have a symlink ~/src ->
/local/source.  So I can just cd ~/src and I'm in non-encrypted space.

> Third, are acls/xattrs supported on an ecryptfs mounted
> system?  I understand the information may be passed through to the
> underlying file system.

Yes, they should be.  Tyler Hicks will have more information on this.

> My general plan is this:
> 1. Full backup of $HOME
> 2. Install new HD, create degraded RAID-1.
> 3. Slice new RAID with LVM (I like to keep /home separate in case of
> reinstall)
> 4. Setup new $HOME with ecryptfs as detailed in
> http://www.linux-mag.com/id/7568/2/
> 5. Rsync old HD to new from a LiveCD
> 6. Readd old HD as "replacement" member for RAID-1.
>
> It seems like this is the ideal time to move from LUKS to eCryptfs.  My main
> motivation for moving is not having to have a defined size for my
> partition.  My understanding is that with eCryptfs, I should have no
> problems resizing /home using LVM/resize2fs.  Is there any reason not to
> switch?

Well, one of the main motivations for using eCryptfs is that you don't
have to preallocate some set amount of space for your encrypted
information, as you do with dmcrypt or LVM-LUKS, etc.

Your /home partition is on some filesystem of your choice (ext3, ext4,
xfs, etc.).  Your eCryptfs encrypted home is a layer on top of that,
/home/$USER, such that when it's mounted, you just read/write files as
normal.  But when they actually get written to the disk, they are
encrypted on a per-file basis.  These exist as binary/encrypted files
on the underlying filesystem wherever /home is.  You can write as many
of those files as you want, until /home fills up.  In this sense, the
behavior and user experience is more like what you have when you have
a non-encrypted home.

:-Dustin
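
The symlink approach in the reply above means anything reached through such a link is stored in plaintext. As an added example (not part of the original message and not ecryptfs-utils code), this script lists symlinks under an eCryptfs-mounted home whose targets resolve outside it, and checks that the home really is an eCryptfs mount. The function names and the paths in the comments are assumptions, and it relies on GNU `readlink -f`.

```shell
#!/bin/sh
# Added example: audit which data under an encrypted home is NOT encrypted
# because it is reached through a symlink that leaves the eCryptfs mount.

# Succeeds if $1 is an eCryptfs mount point in the mounts table $2
# (default /proc/mounts; fields: device mountpoint fstype options ...).
# Assumption: the mount point contains no whitespace (escaped in /proc/mounts).
is_ecryptfs_mount() {
    awk -v mp="$1" '$2 == mp && $3 == "ecryptfs" { found = 1 }
                    END { exit !found }' "${2:-/proc/mounts}"
}

# Print "link -> resolved target" for every symlink under $1 whose target
# resolves outside $1. Runs in a subshell so no variables leak to the caller.
list_plaintext_links() (
    root=$(readlink -f -- "$1") || exit 1
    # Symlinks are not followed by find; -xdev stays on the mounted filesystem.
    find "$root" -xdev -type l -exec sh -c '
        root=$1; shift
        for link in "$@"; do
            # Fall back to the raw link text if the target cannot be resolved.
            target=$(readlink -f -- "$link") || target=$(readlink -- "$link")
            case "$target" in
                "$root"|"$root"/*) ;;   # stays inside the encrypted home
                *) printf "%s -> %s\n" "$link" "$target" ;;
            esac
        done' sh "$root" {} +
)

# Stand-alone use (hypothetical path): sh audit.sh /home/alice
if [ "$#" -gt 0 ]; then
    is_ecryptfs_mount "$1" || echo "warning: $1 is not an eCryptfs mount" >&2
    list_plaintext_links "$1"
fi
```

With the layout described in the reply, a `~/src -> /local/source` link would be reported, while links that stay inside the home directory would not.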


