How does eCryptfs compare with other Linux disk encryption solutions?
eCryptfs is an actual filesystem. Some other popular disk encryption technologies are not filesystems; they are block device encryption layers (they provide what appears to be a physical block device to some actual filesystem). There is no filesystem logic in these layers. A few of the more well-known block device encryption layers include dm-crypt, Truecrypt, and Loop-AES. Perhaps the best thing about block device-layer encryption is that it is an order of magnitude simpler to implement than filesystem-layer encryption. Another advantage of block device-layer encryption is that it will encrypt the entire filesystem, including all of the filesystem metadata. However, for many use cases, this can turn out to be more of a disadvantage than an advantage. While eCryptfs uses a powerful and flexible approach to protecting filesystem content, block device-layer encryption technology is still required to protect swap space and certain databases that use their own block device partition. The t
