[Noisebridge-discuss] Encryption in the Ubuntu LiveCD installer

Andy Isaacson adi at hexapodia.org
Thu Apr 28 23:32:46 UTC 2011


On Thu, Apr 28, 2011 at 03:43:57PM -0700, Seth David Schoen wrote:
> The normal CD does support home directory encryption, via ecryptfs,
> instead of full disk encryption.  Unfortunately ecryptfs is slow
> and doesn't scale well to large directories (the metadata for
> each file is separately encrypted and requires a separate disk
> read and crypto operation per-file for stat or readdir) so people
> who check the crypto box may end up with a dim view of how efficient
> disk crypto is.  (I think ecryptfs could be a good choice for a
> system that's commonly used by multiple users, but not for the
> increasingly common case of a basically single-user laptop.)

ecryptfs also leaks a ton of information due to exposing the directory
structure and approximate size of the encrypted files.  For example,
it's quite easy to tell which versions of the Linux kernel tree you have
in your encrypted $HOME.

I am not a fan.

-andy
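
Added example, not part of the message above and not ecryptfs code: a Python sketch of the leak Andy describes, showing that a fingerprint built only from the directory hierarchy and padded file sizes survives per-file encryption of names and contents. The sample trees, the key, and the `HEADER`/`BLOCK` size model are constructed assumptions for illustration, not values from the thread.

```python
import hashlib

# Assumed size model for a per-file encrypted "lower" file (illustrative constants).
HEADER = 8192   # fixed per-file metadata header
BLOCK = 4096    # ciphertext padded to whole blocks

def lower_size(plain_size):
    """Lower-file size implied by the assumed header + padding model."""
    return HEADER + -(-plain_size // BLOCK) * BLOCK  # ceiling division

def lower_view(tree, key=b"constructed-key"):
    """What an observer of the disk sees: opaque names, padded sizes, same hierarchy."""
    out = {}
    for name, node in tree.items():
        token = hashlib.sha256(key + name.encode()).hexdigest()[:16]
        out[token] = lower_view(node, key) if isinstance(node, dict) else lower_size(node)
    return out

def shape(tree, sizer=lambda s: s):
    """Canonical, name-independent form: sorted child shapes and file sizes."""
    return tuple(sorted(
        ("d", shape(n, sizer)) if isinstance(n, dict) else ("f", sizer(n))
        for n in tree.values()))

def fingerprint(tree, sizer=lambda s: s):
    return hashlib.sha256(repr(shape(tree, sizer)).encode()).hexdigest()

def identify(lower, catalogue):
    """Names of known plaintext trees whose predicted lower shape matches."""
    seen = fingerprint(lower)
    return [n for n, t in catalogue.items() if fingerprint(t, lower_size) == seen]

# Constructed sample trees (directory -> dict, file -> plaintext size in bytes).
TREE_A = {"Makefile": 1500, "kernel": {"fork.c": 40000, "exit.c": 38000},
          "Documentation": {"README": 900}}
TREE_B = {"Makefile": 1500, "kernel": {"fork.c": 47000, "exit.c": 38000, "cred.c": 20000},
          "Documentation": {"README": 900}}
CATALOGUE = {"tree-a": TREE_A, "tree-b": TREE_B}

if __name__ == "__main__":
    on_disk = lower_view(TREE_B)
    print(sorted(on_disk))               # names reveal nothing
    print(identify(on_disk, CATALOGUE))  # the shape still does
```

A block-level encrypted volume exposes no per-file hierarchy or sizes to this kind of comparison, which is the contrast with full disk encryption drawn in the quoted message.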


