by ckuehl 4083 days ago
Is there a security benefit to encrypting at the filesystem layer as opposed to just encrypting the underlying block device (like dm-crypt)? It seems like whole-disk encryption would be much harder to accidentally implement insecurely.
2 comments

Whole-disk encryption is simpler, but less secure than filesystem level encryption. Block level encryption can't protect against active attacks because it doesn't have the extra space to store checksums. Algorithms are much more vulnerable when the attacker can make modifications and see the response. This makes disk level encryption only suitable for protecting against your laptop being stolen.

Don't know if ext4 encryption supports it, but the filesystem could allocate extra space for checksums to verify files aren't being modified. It also could store different keys for each file or directory making it possible to lock and unlock portions of the filesystem separately.

> Algorithms are much more vulnerable when the attacker can make modifications and see the response.

That means having access to the block device itself, with the system in an unlocked state.

If you've reached that scenario, then it's game over for whatever data is being encrypted.
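As an added illustration of the exchange above (not code from this thread or from dm-crypt/ext4), this constructed Python demo contrasts a length-preserving, tag-less "sector" cipher with a filesystem-style layout that stores a MAC next to each file's ciphertext. The stand-in keystream (HMAC-SHA256 in counter mode), the 64-byte sector and the sample record are assumptions for demonstration only, not AES-XTS or what ext4 actually does.

```python
import hashlib
import hmac
SECTOR = 64  # constructed demo sector size; real devices use 512 or 4096 bytes
KEY = hashlib.sha256(b"constructed demo key").digest()  # fixed so the demo repeats
RECORD = b"balance=0100;owner=alice".ljust(SECTOR, b"\x00")  # constructed plaintext

def keystream(key, unit_no, length):
    # Length-preserving stand-in cipher (HMAC-SHA256 in counter mode, tweaked by sector
    # or file number). Constructed, NOT AES-XTS, but like XTS its output is plaintext-sized.
    out, counter = b"", 0
    while len(out) < length:
        msg = unit_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block_crypt(sector_no, data):
    # Block-device layer: one sector in, one sector out, nothing else stored, so there is
    # no room for a tag. Encrypt and decrypt are the same XOR, and "decrypt" cannot fail.
    return xor(data, keystream(KEY, sector_no, SECTOR))

def subkey(label, file_id):
    # The filesystem can derive a distinct key per file (or directory).
    return hmac.new(KEY, label + file_id.to_bytes(8, "big"), hashlib.sha256).digest()

def fs_encrypt(file_id, plaintext):
    # The filesystem owns the on-disk layout, so it can store a 32-byte MAC alongside.
    ct = xor(plaintext, keystream(subkey(b"enc", file_id), 0, len(plaintext)))
    return ct + hmac.new(subkey(b"mac", file_id), ct, hashlib.sha256).digest()

def fs_decrypt(file_id, blob):
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(subkey(b"mac", file_id), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: stored ciphertext was modified")
    return xor(ct, keystream(subkey(b"enc", file_id), 0, len(ct)))

def compare_layers(index=8):
    # Flip one bit of the stored ciphertext (an offline edit of the disk), then read back.
    def flip(d): return d[:index] + bytes([d[index] ^ 0x01]) + d[index + 1:]
    block_view = block_crypt(7, flip(block_crypt(7, RECORD)))  # altered data, no error
    try:
        fs_decrypt(7, flip(fs_encrypt(7, RECORD)))
    except ValueError:
        return block_view, True  # filesystem layer refused the modified file
    return block_view, False
```

Calling `compare_layers()` returns the silently altered record from the block layer together with `True` for the filesystem layer having detected the edit.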

ArchLinux wiki has a great overview and comparison of disk encryption methods available to Linux:

https://wiki.archlinux.org/index.php/Disk_encryption#Data_en...

In addition it compares encrypting partitions vs specific data.