Encrypted Dapper filesystems?

[Daniel Carrera]

Carlos Picazzo wrote:
> Recently, I've been thinking more seriously about re-installing my 
> laptop and setting up the filesystems on a Dapper install to be 
> encrypted.  Does anyone have any pros/cons/suggestions about doing 
> this?  I've looked at 
> http://www.ubuntuforums.org/showthread.php?t=120091 and it doesn't sound 
> too difficult but was wondering if anyone had any first hand experience 
> on setting up and maintaining an encrypted fs and what their thoughts were.

Depending on your threat model you may want to consider True Crypt:

http://www.truecrypt.org/

True Crypt makes an encrypted volume that can be mounted as any disk. 
What True Crypt provides and the other doesn't is plausible deniability:

* The volume is indistinguishable from random data.
* The file on the filesystem that represents the TC module can have any 
extension (.iso, .png, .raw) or no extension at all. TC leaves no trace 
when it accesses this file (the timestamp doesn't change).
* True Crypt volumes do not have a "signature" and they are not listed 
on the partition table. Again, it looks like random data (e.g. left over 
from when the disk was manufactured).
* Hidden volumes. It may happen that the attacker (e.g. FBI, the mafia) 
forces you to give up your password (e.g. through a court order, or a 
gun). You can have a hidden TC volume inside a TC volume. You put some 
medium-secrecy files in the outside volume and the top-secret files in 
the second one. You give the attacker the password for the outer volume 
and they never find out that there is another hidden volume. It is not 
possible to prove the existence of the hidden volume


Cheers,
Daniel.
-- 
"It's like a rainbow. Without an observer at a 23 degree angle to
the light reflected a cloud of spherical droplets, there is no
rainbow. The whole universe is like that. Our spirits stand at a
23 degree to the universe."  -- Zoya Boone, Red Mars