When encrypting a user's home directory, either during the install procedure or later using ecryptfs-migrate-home, what encryption algorithm / key size is used by default?
The above answer is right, that AES is the cipher, but the reasoning is wrong.
User's home directories are configured by the script ecryptfs-setup-private.
In that shell script, the cipher and key length are harcoded:
CIPHER="aes"
KEYBYTES="16"
Likewise, in the C source code of the setuid mount helper, mount.ecryptfs_private, it is also hardcoded:
#define KEY_BYTES 16
#define KEY_CIPHER "aes"
These values were hard coded to minimize the support burden of helping millions of users encrypt their home directories.
