My work requires my laptop hard drive (running Linux) to be encrypted and from what I can tell TrueCrypt and LUKS seem to be the two major contenders out there.
In a "normal" system, if the system crashes (power gets cut, etc), it's easy to recover a corrupted system with fsck. However, on an encrypted system, things become a lot more complicated.
Which of TrueCrypt or LUKS offers the best stability / recovery in an event of a crash?
LUKS seems to be the more standard tool (included by default in distribution installers, etc), so that's what I use.
AFAIK, they are both based of similar technology unlike say ecryptfs. File-system integrity would largely depend on your choice of FS. However, your best bet would still be to use a UPS. If your data is important, that should be necessary even if no encryption was used.
Well, as other have pointed out, LUKS is generally better integrated into current distributions. For security reasons, you almost certainly want to encrypt all partitions (including /), which is called "encrypted root". Setting this up by hand can be a bit tricky (though doable), so distro integration helps a lot.
At least Debian and Ubuntu offer encrypted root via LUKS in the standard installer, so that's a point for LUKS. I'm not even sure if TrueCrypt can encrypt the root partition at all.
The only advantage I can see for Truecrypt is that its Windows support is better, so it's easier to mount a Truecrypt partition under Windows. But that is really only relevant for portable drives/media. At any rate, most Linux FS have no Windows driver anyway...
So I would recommend LUKS (though Truecrypt is a viable option as well).
In a "normal" system, if the system crashes (power gets cut, etc), it's easy to recover a corrupted system with fsck. However, on an ecrypted system, things become a lot more complicated. Does TrueCrypt of LUKS offer the best stability / recovery in an event of a crash?
There isn't really any difference. Encryption is always per sector, and disks are written per sector, so usually you'll lose any sectors that weren't written properly, with or without encryption.
I use full-disk LUKS (including root partition) on my laptop, and it's gone through many fscks without problems.
At any rate, you are going to perform at least nightly full backups, aren't you? So a crash should not wipe out a lot of work... . IMHO, anything less than that is criminal negligence on a system with important data.
Under Windows, TrueCrypt lets you encrypt the System drive but it doesn't work for Mac & Linux.
LUKS allows for up to 8 passwords, if that matters -- but all passwords give you the same access to the data -- i.e. read/write/execute then access is limited by ACLs on the ext File System.
In either case if security of the workstation/laptop is an issue beware of physical access. Google 'Evil Maid' and 'Cold Boot' for details.
true crypt provide hidden volumes offer more security but for a standard encryption luks which is included in standard repositories is better choice
but any one know if luks effect journaling as you said fsck may not work properly when using encryption?
