Re: Ecryptfs vs encfs
On Mon, Mar 21, 2011 at 11:51 PM, Todd A. Jacobs
> On Mon, Mar 21, 2011 at 8:09 PM, Dan <email@example.com> wrote:
>> I would like to encrypt some folders in the home directory of the
>> users in a server. I have seen that there are 2 choices ecryptfs and
>> encfs. They seem to be very similar. Which one do you think that it is
> One isn't better than the other; they serve different use cases.
> Ecryptfs is a stacked filesystem that runs in the kernel, while encfs
> is a FUSE-based filesystem that runs in userspace.
> IMHO encfs is a better solution for individual users; it's less
> complex to implement and doesn't have stack issues (see
> http://ecryptfs.sourceforge.net/ecryptfs-faq.html#stack). On the other
> hand, ecryptfs is the default for encrypted home directories in Ubuntu
> and probably works faster due to running in kernel space.
> Generally, my advice is to use dm-crypt for block devices (like
> encrypting an entire /home partition that root plans to mount at
> bootup), and encfs for encrypting individual directories other than
> $HOME. YMMV.
Why do you say that ecrypt is less complex. From a user "point of
view" ecryptfs seems to be easy to implement in a multiuser server.
The issues of being a stack filesystem only affect the XFS file
system, not the ext3 or ext4. Right?
It seems that ecryptfs is more popular than encfs. Is there any reason for that?