Am Sat, 10 Dec 2011 01:25:16 +0100 schrieb Karol Babioch <karol@xxxxxxxxxx>: > Well that sounds a little bit misguiding for me. Once the device is > "opened" its totally transparent, so not only the kernel has access to > the data, but also any other running process / program. Of course the > "normal" file permissions are applied, but from the point of view of a > program, which accesses the filesystem on a high(er) level of > abstraction there is totally no difference whether the underlying > device is encrypted or not. I'm, of course, speaking of offline attacks. LUKS doesn't protect against online attacks. Which encryption you use depends on the particular use case. For really sensitive data it's best to using both, GnuPG and LUKS. Heiko