ext3 or ext4 ? Encrypt ?

Rick Stevens ricks at nerd.com
Tue Aug 25 16:59:59 UTC 2009 

Micros50 wrote:
> When doing a fresh install and making new partitions I was greeted with
> some new options that I had never seen before. namely the option to use
> the newer ext4 file system and, the option to encrypt a file system.
> 
> In my case I decided to go with ext4 except for the/boot partition in
> which they recommended sticking with ext3.  So far so good, no issues
> with using ext4.  I also decided to encrypt two partitions. So far so
> good.
> 
> Wonder if anyone else feels it's best to go with these new options or
> stick with the old options ?
> 
> Whatever the choice I just want to make sure my system sticks
> together... :) Hah.

ext4 does give you some performance enhancements.  It does have the same
caveat that ext3 has though, in that it's not built into the kernel by
default so it has to be in your initrd image when booting.  Also, grub
does not grok ext4, though, which is why the /boot partition must be
ext2 or ext3.

Encryption has been around quite a while.  The only thing different here
is that it's offered as part of Anaconda's setup.  It is purely
optional and IMHO rather useless except on removable media.

It introduces a performance hit (albeit minor) that will slow down
access to encrypted filesystems and puts a bit more load on the CPU.
For those reasons, I wouldn't use it on filesystems that are used for
high I/O (e.g. a database or the destination of a video encoder).

The fact you have to enter the passphrase for it when mounting makes
it difficult to use for remotely managed machines (e.g. servers in a
data center somewhere) and it really doesn't offer much security.  If
someone cracks into your system while it's mounted, it's a moot point.

If you want to encrypt a filesystem on removable media (e.g. a FLASH
drive, USB or firewire drive), then it can make some sense, but not
otherwise.

That's just my opinion.  I could be wrong.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-            The gene pool could use a little chlorine.              -
----------------------------------------------------------------------

More information about the Redhat-install-list mailing list