ext3 or ext4 ? Encrypt ?

Micros50 micros50 at verizon.net
Wed Aug 26 19:34:00 UTC 2009


On Tue, 2009-08-25 at 09:59 -0700, Rick Stevens wrote:
> Micros50 wrote:
> > When doing a fresh install and making new partitions I was greeted with
> > some new options that I had never seen before. namely the option to use
> > the newer ext4 file system and, the option to encrypt a file system.
> > 
> > In my case I decided to go with ext4 except for the /boot partition in
> > which they recommended sticking with ext3.  So far so good, no issues
> > with using ext4.  I also decided to encrypt two partitions. So far so
> > good.
> > 
> > Wonder if anyone else feels it's best to go with these new options or
> > stick with the old options ?
> > 
> > Whatever the choice I just want to make sure my system sticks
> > together... :) Hah.
> 
> ext4 does give you some performance enhancements.  It does have the same
> caveat that ext3 has though, in that it's not built into the kernel by
> default so it has to be in your initrd image when booting.  Also, grub
> does not grok ext4, though, which is why the /boot partition must be
> ext2 or ext3.
> 
> Encryption has been around quite a while.  The only thing different here
> is that it's offered as part of Anaconda's setup.  It is purely
> optional and IMHO rather useless except on removable media.
> 
> It introduces a performance hit (albeit minor) that will slow down
> access to encrypted filesystems and puts a bit more load on the CPU.
> For those reasons, I wouldn't use it on filesystems that are used for
> high I/O (e.g. a database or the destination of a video encoder).
> 
> The fact you have to enter the passphrase for it when mounting makes
> it difficult to use for remotely managed machines (e.g. servers in a
> data center somewhere) and it really doesn't offer much security.  If
> someone cracks into your system while it's mounted, it's a moot point.
> 
> If you want to encrypt a filesystem on removable media (e.g. a FLASH
> drive, USB or firewire drive), then it can make some sense, but not
> otherwise.
> 
> That's just my opinion.  I could be wrong.

So, in other words, on a hard disk that is installed in the system itself
encrypting the disk accomplishes little, unless of course someone were
to physically steal the computer or steal the drive itself.

Nonetheless, I did, perhaps foolishly, encrypt a couple of my partitions
just to see if it does work and/or if there are any bizarre issues. Thus
far, other than having to answer a password, the encryption is more or
less transparent, i.e. everything works as normal. However, on my next
install/upgrade, I might just opt to go without the encryption. Of
course it depends on whether or not I'm in a cryptic mood. Hah hah. :)

Ciao

John






More information about the Redhat-install-list mailing list