Locking up Linux: Creating a Cryptobook


At least where LUKS is concerned, performance is hardly an issue - one must expect to pay some penalty for additional encryption facilities that handle unencrypted data transparently. All of these solutions are simple to set up and use on a daily basis, but LUKS is portable across Windows and Linux platforms.

Corporate users may have to navigate around entanglements caused by company-wide policies that can potentially restrict open source solutions, or prohibit certain implementations from being used in particular ways. They might also have to worry about import/export restrictions on encryption cipher strength, or require telephone support services that could rule out LUKS, EncFS, and CryptoFS. Nevertheless, LUKS makes an excellent solution for those not hampered by such concerns, and is a great solution for small business or personal use in any case.

Author's Opinion

CryptoFS and EncFS are userspace implementations. As explained earlier, they offer simplicity in design and implementation, but those characteristics come at the expense of performance and capability. This is especially obvious when they're compared against LUKS - it not only runs much faster, it can also be unlocked by one or more PGP keys, and it covers entire drive partitions.

Userspace containers might make the most sense for users who want to protect private information while working in a multi-user domain, and who also need to secure their data without administrative access to hardware and software resources. Beyond performance advantages and cross-platform compatibility, LUKS even integrates well with GNOME and the PGP keyring management facilities, so that ease-of-use in a daily context is unparalleled. That said, EncFS can be woven into the Pluggable Authentication Module (PAM) capability under Linux, where applicable.

Join our discussion on this topic