by wyager 4351 days ago
>All else being equal, you'd prefer an encrypted filesystem to a simulated encrypted hard disk.

I disagree for these reasons:

1. This decreases composability. With encrypted filesystems, I can't mix and match filesystems and cryptosystems to suit my needs. There is no reason they need to be convolved.

2. This increases complexity. Now, the person writing the software has to be an expert in both filesystems and cryptosystems if they want to do a good job. There is more room for error. (You might say it violates the UNIX philosophy of "do one thing and do it well".)

3. This leaks information to an attacker. They know the layout of my files even without my password. I'm more comfortable with absolutely everything looking like a giant monolithic block of random data.

1 comments

There's nothing I can say in response to this comment that I haven't already said upthread and here:

http://sockpuppet.org/blog/2014/04/30/you-dont-want-xts/

Thanks for the link. Those are some very valid points.
Of course, there's some validity to the "composability" point, which is why we use both full-disk encryption and encryption at the filesystem layer. I don't think enabling full-disk encryption is a bad thing. Having full-disk encryption is what allows me not to panic if I leave my laptop in the unlocked back seat of my car; I don't have to worry about what state the filesystem was in, because the whole disk is locked.