Comment 153 for bug 509180

ilia (ilia) wrote :

This bug no longer affects me, and neither do any of the other ecryptfs-related bugs! :)

It has turned out that my needs are fulfilled by another solution, much better in terms of stability AND performance: LUKS.
The difference from ecryptfs from the user's point of view:
1. the whole partition/volume is encrypted (I use a separate LVM volume for /home anyway)
2. the simplest setup requires the user to enter a password upon boot (this may be automated for those who need it, but I don't mind)
3. very stable:
    no more kernel errors, I/O errors and trailing garbage in your files!
4. much better performance:
    in my simple tests the improvement ranges from 5% for 300M single file read to 2000% (i.e. 21 times faster) for fstat'ing 5000 files! All tests were performed with cold caches, I just show the worst and best results here, but the general feeling is that the average improvement is close to an order of magnitude.

Quick howto "starting using LUKS right now":
1. Allocate a new volume/partition, e.g.
    sudo lvcreate --size 10G --name test_luks vg00
    OR use fdisk to create something like /dev/sda6, then substitute your device name in place of /dev/mapper/vg00-test_luks below
2. Format it for LUKS
    sudo cryptsetup luksFormat /dev/mapper/vg00-test_luks
    provide a password when asked (anything, not your login one)
3. Set up automatic decryption
    echo "test_crypt /dev/mapper/vg00-test_luks none luks" | sudo tee -a /etc/crypttab
4. Format the decrypted volume, e.g. as ext4
    sudo cryptdisks_start test_crypt
    sudo mkfs.ext4 /dev/mapper/test_crypt
5. Set up automatic mount, e.g.
    echo '/dev/mapper/test_crypt /mnt/test ext4 defaults 0 2' | sudo tee -a /etc/fstab
6. Reboot to test. You will need to provide a password during the boot process.

When you are comfortable with LUKS you can migrate your /home to it and have fun :)

More info for the curious:
1. https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS
2. man cryptsetup crypttab
3. google :)

P.S. While this comment is formally off-topic I think many users affected by this bug may find it useful.
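
A check that can be run before the reboot in step 6 of the howto above, as an added example that is not part of the original comment: it verifies that the lines appended to /etc/crypttab and /etc/fstab in steps 3 and 5 agree with each other. The function name check_mapping, its return codes and the temporary sample files are assumptions made for this example.

```shell
#!/bin/sh
# Pre-reboot check for the lines appended in steps 3 and 5 of the howto.
# check_mapping NAME [CRYPTTAB] [FSTAB]   (hypothetical helper name)
# Returns 0 if consistent, 1 = NAME missing or duplicated in crypttab,
# 2 = entry lacks four fields or the "luks" option used by the howto,
# 3 = fstab has no entry for /dev/mapper/NAME,
# 4 = fstab mounts the raw encrypted device instead of the mapping.
check_mapping() {
    name=$1 crypttab=${2:-/etc/crypttab} fstab=${3:-/etc/fstab}

    # "tee -a" run twice leaves a duplicate entry; a typo leaves none.
    count=$(awk -v n="$name" '$1 == n { c++ } END { print c + 0 }' "$crypttab")
    if [ "$count" -ne 1 ]; then
        echo "crypttab: want 1 entry for $name, found $count" >&2
        return 1
    fi

    # Fields: name, source device, key ("none" = ask for passphrase), options.
    if ! awk -v n="$name" '$1 == n {
            m = split($4, opts, ",")
            for (i = 1; i <= m; i++) if (opts[i] == "luks") luks = 1
            exit !(NF >= 4 && luks)
        }' "$crypttab"; then
        echo "crypttab: entry for $name is incomplete or lacks luks" >&2
        return 2
    fi

    # fstab must mount the decrypted mapping, not the device under it.
    src=$(awk -v n="$name" '$1 == n { print $2 }' "$crypttab")
    if awk -v d="$src" '$1 == d { hit = 1 } END { exit !hit }' "$fstab"; then
        echo "fstab: mounts raw device $src" >&2
        return 4
    fi
    if ! awk -v d="/dev/mapper/$name" \
            '$1 == d && NF >= 4 { hit = 1 } END { exit !hit }' "$fstab"; then
        echo "fstab: no entry for /dev/mapper/$name" >&2
        return 3
    fi
    return 0
}

# Constructed sample files holding exactly the two lines from the howto.
demo=$(mktemp -d)
echo "test_crypt /dev/mapper/vg00-test_luks none luks" > "$demo/crypttab"
echo "/dev/mapper/test_crypt /mnt/test ext4 defaults 0 2" > "$demo/fstab"
check_mapping test_crypt "$demo/crypttab" "$demo/fstab" && echo "consistent"
rm -rf "$demo"
```

On a real system, call `check_mapping test_crypt` with no file arguments to read /etc/crypttab and /etc/fstab.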