From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 16B021384B4 for ; Wed, 11 Nov 2015 22:55:09 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 35B0821C11C; Wed, 11 Nov 2015 22:54:56 +0000 (UTC) Received: from mail.digimed.co.uk (82-69-83-178.dsl.in-addr.zen.co.uk [82.69.83.178]) by pigeon.gentoo.org (Postfix) with ESMTP id 0214621C084 for ; Wed, 11 Nov 2015 22:54:54 +0000 (UTC) Received: from digimed.co.uk (fenchurch.digimed.co.uk [192.168.1.6]) by mail.digimed.co.uk (Postfix) with ESMTPA id 4092F1EB2A2 for ; Wed, 11 Nov 2015 22:54:54 +0000 (GMT) Date: Wed, 11 Nov 2015 22:54:49 +0000 From: Neil Bothwick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Fileserver with Raid + Crypto + BtrFS Message-ID: <20151111225449.17993970@digimed.co.uk> In-Reply-To: <5643B097.4090503@ramses-pyramidenbau.de> References: <56437653.2080603@ramses-pyramidenbau.de> <20151111181912.071db258@digimed.co.uk> <5643B097.4090503@ramses-pyramidenbau.de> Organization: Digital Media Production X-Mailer: Claws Mail 3.13.0-47-ga5304d (GTK+ 2.24.28; x86_64-pc-linux-gnu) X-GPG-Fingerprint: 7260 0F33 97EC 2F1E 7667 FE37 BA6E 1A97 4375 1903 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; boundary="Sig_/BCVbsg/=NVJ8CE0+Q=myEtT"; protocol="application/pgp-signature" X-Archives-Salt: 8590e6b1-03e9-4c85-a343-1ac85efe8936 X-Archives-Hash: 8a599de49555a8fd4091abcbe1c1b2e5 --Sig_/BCVbsg/=NVJ8CE0+Q=myEtT Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Wed, 11 Nov 2015 22:18:15 +0100, Ralf wrote: > >> What would be the best way to have a Raid 10 together with a > >> encrypted Btrfs? =20 > > What about crypto on top of btrfs using a stacked filesystem like > > ecryptfs? =20 > Nope, I also thought about that, but this is not elegant. Besides that, > it would also slow down the system as ecryptfs runs in the VFS layer and > is yet another layer which operates on top of an existing filesystem. > (and not like luks, which would run a layer below btrfs). So that's a > lot of overhead. But you're only doing it once. =20 > Ecryptfs is really nice for encrypting dedicated files or directories > but I don't think that it is a good solution for encrypting a _whole_ > general purpose filesystem. Do you need to encrypt everything? Being able to only encrypt the directories that need it may be an advantage. --=20 Neil Bothwick Everything should be made as simple as possible, but no simpler. --Sig_/BCVbsg/=NVJ8CE0+Q=myEtT Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlZDxzkACgkQum4al0N1GQPU9QCgx3LweZuQefNO7Un0guOLWSZ6 B2QAoJKIMxT/HQL4QhrcvuNPpZMcK1Bk =xCqk -----END PGP SIGNATURE----- --Sig_/BCVbsg/=NVJ8CE0+Q=myEtT--