I tended to use encfs as my main encryption mechanism for local stuff, things that were not that important but I wanted to have encrypted, just in case. One of the good things was that the volume while it was decrypted it could only be read by the user that mounted that volume. So if I mounted that volume with user x, not even root could read it.
Yet, that creates a practical issue, specially on my current setup: I want the docker user to be able to read it and couldn’t find a reliable way for it. I mean, on MacOS works but not on Linux and that’s where I need it the most.
Then it comes veracrypt. Which is really good, works like a charm but I hate the fact that I need to create the volume with a fixed size beforehand. It has no issues with being read by other users though is not as straightforward to install on Linux-based machines as encfs.
That being said, veracrypt is actively maintained and a recent audit found issues which were patched almost immediately. On the other hand encfs has been dormant for way too long and a 2014 audit was not taken into account (tho it should have) and only recently there’s been development in order to do a version 2 but the reality is that ecryptfs is a better option on Linux over fuse.
So, if you have been using encfs like me please: more veracrypt, less encfs.
