Ecryptfs vs Veracrypt

Any opinions on using ecryptfs vs veracrypt?

The specific use case is for backups. The planned set up is that my Raspberry Pi will make scheduled backups to a (ecryptfs/veracrypt) mounted external USB stick. The idea being if the USB stick was pulled out, it would be encrypted.

  • It seems Veracrypt is a little more user friendly, especially with the GUI if I use the USB stick on my laptop
  • Veracrypt has better support for other platforms if I needed to mount the disk on a different computer
  • I’m not too worried about speed differences

I’m leaning towards Veracrypt. Anything I’m not thinking about or other suggestions/ideas?

Dont know much about ecryptfs so I cant say +/- on them
But I currently use veracrypt and its probably the best option
Only disadvantage for veracrypt is that iirc it doesnt have great macOS support

I think Veracrypt is more accessible if that’s a factor and it obviously provides more options in terms of ciphers. I don’t know if ecrytfs has gone through an external audit like Veracrypt. And from what I’ve seen I’m insure how active it’s developed, while Veracrypt is under active development. So my gut feeling would be to go with Veracrypt, but you can see that I don’t claim to judge the quality of then code itself.

1 Like

We attended a talk of Mr. Schumacher from the German Magdeburger Institut für Sicherheitsforschung (Institute of security research in Magdeburg).

In summary, Schumacher stated the following regarding file encryption:

  • LUKS/LVM supports full-disk encryption (and optionally 2FA)
  • ext4 supports folder-based encryption
  • eCryptFS/encfs are outdated/unmaintained
  • GoCryptFS uses modern crypto but leaks metadata
  • CryFS uses modern crypto and hides metadata but is slower than GoCryptFS

Gnome has integrated support to mount/decrypt veracrypt disks which makes things even easier on lots of systems.