Announcement

**_r00t-** · 03 April 2023, 07:28 PM

Is this Btrfs fscrypt equal to LUKS/LUKS2?

**fong38** · 03 April 2023, 07:41 PM

Originally posted by _r00t- View Post

Is this Btrfs fscrypt equal to LUKS/LUKS2?

AFAIK it's more akin to ZFS' native encryption which is on a file-basis, allowing more flexibility in terms of what gets encrypted and with which key (allowing each dataset to be encrypted by a different key for instance) at the cost of leaking metadata in comparison to full-disk encryption (aka LUKS).

**dylanmtaylor** · 03 April 2023, 07:46 PM

I'd like to see Ubuntu enable encryption by default too. Whether we like it or not, it's kind of the "default" Linux that most people start with, and more security by default will benefit a huge amount of people and the ecosystem as a whole.

**Mitch** · 03 April 2023, 08:53 PM

This is just one more nice thing Fedora and other distros can do to help provide great defaults easily to new users. Imagine one day you could pop a USB with Fedora or Ubuntu into your technophobic uncle's old computer, and after a one-time process that's as easy as signing in to one's e-mail, it just works without fuss and runs all his stuff, and it's easy and secure.

It would give back a lot of people some choice, privacy, and control, and it could really help the Linux community grow.

**Turbine** · 03 April 2023, 10:59 PM

I guess. But they better make it easy to mount in liveboot and recover. Linux distros have a hard time mounting ntfs drives and network locations still in 2023. Currently it's working on my pc, but I know fedora failed last I used it.

**SpyroRyder** · 04 April 2023, 12:05 AM

Originally posted by dylanmtaylor View Post

I'd like to see Ubuntu enable encryption by default too. Whether we like it or not, it's kind of the "default" Linux that most people start with, and more security by default will benefit a huge amount of people and the ecosystem as a whole.

They definitely shouls though i do wonder by how much theyre still the default these days. There arent that many places stil singing their praises like in the old days, or at least not to the same degree. Im not tied into the newbie scenes these days so im not sure whats bouncing around the schools but a lot of the discussions i had with friends who were new to linux over the last 5 years tended to be more the more system tinkery/gamer sort that tried a variant of Arch

**Beryesa** · 04 April 2023, 12:40 AM

Some benchmarks on this & comparable ones in the future would be really appreciated.

**Chugworth** · 04 April 2023, 01:33 AM

Originally posted by fong38 View Post

AFAIK it's more akin to ZFS' native encryption which is on a file-basis, allowing more flexibility in terms of what gets encrypted and with which key (allowing each dataset to be encrypted by a different key for instance) at the cost of leaking metadata in comparison to full-disk encryption (aka LUKS).

ZFS encryption is not done on a file-basis. It encrypts all data inside of the dataset. However, information such as the dataset name, snapshot names, and dataset properties does not get encrypted. By looking at the data that's not encrypted, you can see how large the dataset is and get an idea of how much data is changing between the snapshots. But you cannot see things such as file counts or directory structures. Their method allows for some interesting abilities like sending and receiving snapshots without decrypting them.

It will be interesting to see how the encryption implementation of Btrfs compares. Hopefully it's not on a per-file basis, but I think their send/receive ability streams changes at the file level so it wouldn't surprise me if it is.

**oleid** · 04 April 2023, 01:40 AM

Uh, do we have an ETA for btrfs based encryption?

Announcement

Fedora Workstation Aiming To Improve Encryption, Possibly Encrypted Disk By Default In The Future

Fedora Workstation Aiming To Improve Encryption, Possibly Encrypted Disk By Default In The Future

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment