I'm considering encrypting the contents of my laptop, which runs Ubuntu 10.04 and has an ext4 + swap, and I'm wondering what the best options are here. I'm aware of:
- TrueCrypt: either block-level encryption or virtual device within a file
- ecryptfs: FS-level encryption
- dm-crypt: block-level encryption
- Loop-AES: block-level encryption
- encrypted LVM: block-level encryption
I'm trying to get a taste for what the best options are (or what the trade-offs are) if I want to encrypt at least /var, /home, /tmp, /etc, and swap (think that pretty much covers most sensitive data, assuming I'm not installing secret applications into /usr or anything). Some guiding questions:
- How big is the impact on both performance and battery life? What about performance on SSDs?
- In my case, can I set it up without having to set up a new system - just take my existing ext4/swap and encrypt them? (Preferably without requiring some intermediate storage, but more importantly, preferably not requiring me to reinstall the OS?)
- Are any of the above recommended over others? (At least going forward, on Ubuntu)? Any that are obsolete/deprecated?
I realize there are previous discussions on disk encryption in Linux but they tend to only cover subsets of the above options and questions. Thanks for any guidance.
One relevant previous question is What is the easiest way to encrypt a dir? (on Ubuntu). One possibility you've missed is encfs.
– Gilles 'SO- stop being evil' – 2010-10-03T21:56:24.333
On a separate note, mind that no encryption will protect your data if someone gets temporary access to your laptop and installs malware on it — an “evil maid” attack.
– Gilles 'SO- stop being evil' – 2010-10-03T22:00:47.423