In the interests of protecting personal info in case a laptop gets stolen, I'm looking for the best way to encrypt a Linux system.
Disadvantages of whole disk encryption including swap:
- Pre-boot password prompt is kind of ugly and unpolished, appearing hidden amongst the boot messages (can something like Splashy handle this?)
- Need to log in twice (if you have a GDM login screen and need multiple users)
Disadvantages of individual folder encryption using libpam-mount or similar:
- Only the user's home folder is encrypted (whereas /etc, /var etc might contain sensitive information too).
- Swap file isn't encrypted, so there is likely to be leakage of sensitive data in there
- No way to securely hibernate.
I'm using Debian Linux if it matters. Doesn't need to be ridiculously secure, but want peace of mind that a thief cannot steal my identity, bank account details, VPN logins etc. if it is stolen while off/hibernating.
Do you know of ways to solve any of my above problems?
Your advice is all good, though for me personally I would rather go with dm-crypt/LUKS than TrueCrypt simply because it is supported by my distro. In case you're interested, it is possible to decrypt and mount such a volume from Windows, or another boot disk now. – thomasrutter – 2010-01-20T01:10:24.740
Does TrueCrypt secure encrypted volumes during hibernation? – Craig McQueen – 2010-01-20T01:21:19.537
@thomasrutter: I understand. Being a Mac user I preferred to go with a solution with a broader range of supported OSs at the time. – lorenzog – 2010-01-20T08:37:58.783
I've awarded the bounty to your answer because while it doesn't solve all my problems, it is helpful and contains some good pointers. Ta! – thomasrutter – 2010-01-21T01:19:06.737