Hi,

On 09.12.2011 21:14, Leonid Isaev wrote:
> I think it's a better idea to have either /var/lib or entire /var on reiserfs.

Of course everyone is free to choose and experiment with the different available options, but in general I think you don't make anything wrong when choosing ext4. Besides being the "official" filesystem, which is at least claimed to be best tested, it will at some point be upgradable to btrfs without much of a hassle. Looking at the features of btrfs and its speed right now, I think this will be the best choice at some point.

On 10.12.2011 00:13, Heiko Baums wrote:
> so that nobody can see what's on your hard disk except for the kernel, the initrd and the bootloader of course.

Well, that sounds a little bit misguiding for me. Once the device is "opened" it's totally transparent, so not only the kernel has access to the data, but also any other running process / program. Of course the "normal" file permissions are applied, but from the point of view of a program which accesses the filesystem on a high(er) level of abstraction, there is totally no difference whether the underlying device is encrypted or not.

On 10.12.2011 00:32, Leonid Isaev wrote:
> I know. My sensitive data is localized, and I don't care to encrypt /usr/bin/firefox. If transparency is needed, I would go with Ubuntu's ecryptfs. It's simpler, but of course requires FS to be supported by Linux. Not to say that full disk encryption isn't useful...

As said above, LUKS is totally transparent. Of course there is a reason for so many solutions concerning encryption to exist. However, I personally prefer LUKS (dm-crypt) when it comes to whole drive encryption. It's quite easy to set up, has proven to be solid, it is even easy to have the swap partition encrypted, and it's quite general in the Linux world, so you can use it with most (all ;)) distributions.

If you just want to have some files and/or (home) folders encrypted, it makes perfect sense to use Truecrypt, ecryptfs and/or GnuPG. However, I probably would suggest everyone to go for the whole drive encryption, unless there are reasons not to do so. Especially on laptops it makes sense, because they tend to get stolen or lost and in most cases there is sensitive data on them.

Furthermore, I don't like the idea to have everything unencrypted on my hard disk. Hard disks get broken all the time and I don't want to have some customer service to have access to my data. Moreover, every disk nowadays can reallocate sectors, which then in return are not so easy to delete / overwrite anymore, because often it is not documented whether or not a secure erase affects these sectors as well.

As newer CPUs are fast enough for this little bit of overhead anyway (especially with hardware support for AES), I don't see any relevant downsides to encryption. Therefore, personally, I would always choose to go for it.

Best regards,
Karol Babioch
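
Added example, not part of the original message or of any project mentioned in it: because an opened LUKS device is transparent at the file level, checking which mounts actually sit on dm-crypt has to be done at the block layer. This Python sketch reads /proc/mounts and the device-mapper entries under /sys/block and follows `slaves` links so that LVM on LUKS is recognised. Assumptions: the function names are hypothetical, and dm-crypt mappings are identified by cryptsetup's convention of a dm UUID beginning with `CRYPT-`.

```python
import os

def _read(path):
    """Return a sysfs attribute as text, or '' if it does not exist."""
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return ""

def kernel_name(source, sys_block="/sys/block"):
    """Translate a /proc/mounts source such as /dev/mapper/<name> to dm-N."""
    base = os.path.basename(source)
    if source.startswith("/dev/mapper/"):
        for dev in sorted(os.listdir(sys_block)):
            if _read(os.path.join(sys_block, dev, "dm", "name")) == base:
                return dev
    return base

def backed_by_crypt(dev, sys_block="/sys/block", seen=None):
    """True if dev, or any device stacked beneath it, is a dm-crypt mapping."""
    seen = set() if seen is None else seen
    if dev in seen:
        return False
    seen.add(dev)
    # Assumption: cryptsetup gives its mappings a dm UUID starting "CRYPT-".
    if _read(os.path.join(sys_block, dev, "dm", "uuid")).startswith("CRYPT-"):
        return True
    slaves = os.path.join(sys_block, dev, "slaves")
    if not os.path.isdir(slaves):
        return False  # plain partition or disk: nothing stacked underneath
    return any(backed_by_crypt(s, sys_block, seen) for s in os.listdir(slaves))

def classify_mounts(mounts_text, sys_block="/sys/block"):
    """Map each /dev-backed mount point to True (on dm-crypt) or False."""
    result = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].startswith("/dev/"):
            result[fields[1]] = backed_by_crypt(
                kernel_name(fields[0], sys_block), sys_block)
    return result

if __name__ == "__main__":
    with open("/proc/mounts") as f:
        for mount_point, encrypted in sorted(classify_mounts(f.read()).items()):
            print(f"{'dm-crypt' if encrypted else 'plain   '}  {mount_point}")
```

File-level encryption such as ecryptfs does not go through device-mapper, so a mount reported as plain here may still hold encrypted files.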