Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

Which is better, "block level encryption" or "stacked file system" encryption tools in Linux?

user-image
Question ajoutée par Utilisateur supprimé
Date de publication: 2013/07/10
Tariq Ghouri
par Tariq Ghouri , Resident Engineer , Pakistan Petroleum Ltd.

It depends upon your needs or the situation you are facing ..
both are the best tools

Utilisateur supprimé
par Utilisateur supprimé

In block level encryption, the well known tools are Truecrypt, loop+AES, dm-crypt+luks.
I'm using Truecrypt as my encryption tool and not only supports linux but supports other platform.
I can't say anything on performance because I never used the other two tools.
In stacked level encryption, EncFS and eCryptfs are well known tools.
Both have same performance.

Athanassios Staveris-Polykalas
par Athanassios Staveris-Polykalas , Secretary General of Telecommunications and Post - Hellenic Republic , General Secretariat of Telecommunications and Post - Hellenic Republic

hi For stacked level I would suggest ecryptfs or EncFs.
if remember correct encfs does not need special permissions.
Regarding block device level encryption there are:1.
loop-aes2.
truecrypt3.dm-crypt+luks and other .
My favourites now for stacked is ecryptfs and for block leve encryption truecrypt.
In any case check the others i have send you, maybe are better for your needs.
hope i helped.

Dariusz Duma
par Dariusz Duma , System Engineer , Cisco

Ask yourself a question - "what means 'better' in implementation".
Both methods have pros and cons.
If you are looking for best performance, block-level encryption (dm-crypt) is faster than stacked files encryption (encfs, ecryptfs).
Especially, if you has a hardware accelerator for AES.
But if you need to hide only few files, and you'll open them once for a week - block-level is less complicated.
If you want to protect plenty of files, used very frequently - dm-crypt is the best option.
In the matter of security, you've to remember that some files may land decrypted outside your crypted filesystem - for example, in swap space.
Thief can read them from swap without problem - unless, swap'll be encrypted too (dm-crypt).

More Questions Like This