Re: Ecryptfs vs encfs
On Mon, Mar 21, 2011 at 8:09 PM, Dan <firstname.lastname@example.org> wrote:
> I would like to encrypt some folders in the home directory of the
> users in a server. I have seen that there are 2 choices ecryptfs and
> encfs. They seem to be very similar. Which one do you think that it is
One isn't better than the other; they serve different use cases.
Ecryptfs is a stacked filesystem that runs in the kernel, while encfs
is a FUSE-based filesystem that runs in userspace.
IMHO encfs is a better solution for individual users; it's less
complex to implement and doesn't have stack issues (see
http://ecryptfs.sourceforge.net/ecryptfs-faq.html#stack). On the other
hand, ecryptfs is the default for encrypted home directories in Ubuntu
and probably works faster due to running in kernel space.
Generally, my advice is to use dm-crypt for block devices (like
encrypting an entire /home partition that root plans to mount at
bootup), and encfs for encrypting individual directories other than