Full Disk Encryption
I decided to encrypt all of my personal information on my desktop at home and began to research my options. First, I used TrueCrypt, which is able to encrypt entire partitions or create individual files that can be mounted as filesystems. While these are both neat options, neither of them encrypts or hides what’s called metadata. This would defeat much of the purpose for me, as I don’t want even the names of my files accessible to a possible threat.
My second option, and the one I went through with, was dm-crypt, which is included through an alternate installation of Ubuntu 7.10. This method of installation makes it very simple for someone running Ubuntu to encrypt the entire filesystem leaving no leaks for haxorz to have their way with (AES-256). If you aren’t using the entire hard drive for your install, it’s a little more tricky, but not too bad. Just make sure you encrypt two volumes, one for your filesystem and the other for swap. You’ll also make an unencrypted /boot partition that doesn’t need to be anything more than 500 MB.
This dm-crypt approach requires you to type a password to even boot the operating system, and it does not allow other operating systems or live CDs to read the encrypted partition. Recently there has been news that encrypted filesystems can be cracked through physical access if the machine is left on or in sleep mode, but if you power down your machine when you are away from it for long periods of time, you’ll have nothing to worry about.
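
The layout described above (one encrypted volume for the filesystem, one for swap, and a plain /boot) can be checked after installation. This is an added example, not part of the original post: it parses `lsblk -J -o NAME,TYPE,MOUNTPOINT` output and lists every mounted filesystem or swap area that does not sit on a dm-crypt mapping. The sample JSON and its device names are constructed.

```python
import json
import subprocess

# Constructed sample of `lsblk -J -o NAME,TYPE,MOUNTPOINT` output for the layout
# in the post: plain /boot, one dm-crypt volume for /, one dm-crypt volume for swap.
SAMPLE = """
{"blockdevices": [{"name": "sda", "type": "disk", "mountpoint": null, "children": [
  {"name": "sda1", "type": "part", "mountpoint": "/boot"},
  {"name": "sda2", "type": "part", "mountpoint": null, "children": [
    {"name": "sda2_crypt", "type": "crypt", "mountpoint": "/"}]},
  {"name": "sda3", "type": "part", "mountpoint": null, "children": [
    {"name": "sda3_crypt", "type": "crypt", "mountpoint": "[SWAP]"}]}
]}]}
"""

def audit(lsblk_json):
    """Return [(name, mountpoint, encrypted)] for every mounted device or swap area."""
    found = []
    def walk(node, encrypted):
        # A device counts as encrypted if it, or anything it is stacked on
        # (for example LVM on top of LUKS), is a dm-crypt mapping.
        encrypted = encrypted or node.get("type") == "crypt"
        if node.get("mountpoint"):
            found.append((node["name"], node["mountpoint"], encrypted))
        for child in node.get("children", []):
            walk(child, encrypted)
    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return found

def leaks(lsblk_json, allowed_plain=("/boot",)):
    """Plaintext filesystems or swap areas, ignoring the intentionally plain /boot."""
    return [(name, mp) for name, mp, enc in audit(lsblk_json)
            if not enc and mp not in allowed_plain]

def live_lsblk():
    """Query the running system (needs a util-linux lsblk with JSON output)."""
    return subprocess.run(["lsblk", "-J", "-o", "NAME,TYPE,MOUNTPOINT"],
                          check=True, capture_output=True, text=True).stdout

if __name__ == "__main__":
    for name, mp, enc in audit(SAMPLE):
        print(f"{name:12} {mp:8} {'encrypted' if enc else 'PLAINTEXT'}")
    print("unexpected plaintext:", leaks(SAMPLE) or "none")
```

Pass `live_lsblk()` instead of `SAMPLE` to audit the machine the script runs on; a swap partition that was left unencrypted shows up in `leaks()`.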
These are my experiences with disk encryption and it’s so easy, I’d recommend this method of installation for any security-aware computer user.
Shane Par-Due is the IT Specialist at KCBT, and our resident Linux expert.
Is this supposed to be a slam or something? The method I described as “very simple for someone running Ubuntu to encrypt the entire filesystem leaving no leaks for haxorz to have their way with (AES-256)” is “built-in” the same way osx is..
My daddy can beat up your daddy!