Tip:
Highlight text to annotate it
X
Ecryptfs has a number of advantages over LUKS/dm-crypt.
Back up to cloud As the encryption is at file level, you can backup your .Private directory to a cloud service or external drive without worrying about your data being accessible to others. Just make sure you backup .cryptfs and your passphrase some separate and secure.
Multi-user security Ecryptfs can encrypt directories separately for each user.
Directory Ecryptfs can also be used on system directories and swap, with a suitable fstab entry, but it will prompt for a passphrase.
Login to read A user's data is only available when the user is logged in, and even then ecryptfs defaults to making it only readable by that user (and root, of course).
There are, however, some disadvantages too:
Many files It is slower dealing with directories containing many files, although this can be mitigated (at the expense of security) by having ecryptfs not encrypt filenames.
Large files Because each file is encrypted separately, the files all increase in size, which can be significant with a large number of small files, like an email or browser cache.
Not cross-platform Ecryptfs is Linux only, using features of the kernel, which won't be a problem for everyone. As far as we are aware, there's no reliable way to read Windows files.