Somewhat related to a previous question, is stacking encryption under and via file systems a good idea?
For example, dm-crypt for the device, and then eCryptfs or veracrypt for the file system.
If it's not a good idea, why is it a bad idea?
Asked
Active
Viewed 352 times
2
-
The answer to your question is fundamentally the same as the answer to the previous question. Using one good cipher is enough, adding more won't help with security and will slow things down. – ztk Aug 10 '15 at 13:21
-
@ztk - it is different: the previous question is looking at it form a single user perspective. This question is looking at it from a *system* perspective (whereon, of course, there could be multiple users) – warren Aug 10 '15 at 15:17
-
Encrypting parts of the filesystem with veracypt will protect only those parts (opposed to the whole filesystem with dm-crypt), but it will enable you to decrypt them independently. The later can be useful in a multiuser scenario when the computer is shared between users and the 2 sessions are never used at the same time. If you are in this multiuser scenario, using dm-cypt will add value by better protecting your computer when turned off. Otherwise, you are better protected by only using dm-crypt. – Anonymous Coward Aug 10 '15 at 16:16
-
1@AnonymousCoward - can you expand that into a sourced answer? – warren Aug 10 '15 at 18:21