(K)Ubuntu Encryption for Home and Business Use
Data on computers is usually stored in the clear, on Windows and on Linux alike, which gives practically anyone who gets hold of the machine access to all of its information, whether a random passer-by or a not-so-random one. If you want to hide something from prying eyes, this article is for you: the moderately paranoid users of (K)Ubuntu. It is especially relevant for laptop owners (everyone has read about the mass thefts). I took up the crypto question and looked at what people were writing. Maybe it will come in handy for someone else too.
I did not encrypt all partitions, only the user data. This is no less secure than encrypting the entire root partition together with all its packages and libraries!
So what requires encryption:
* swap
* /home - put it in a tc (TrueCrypt) container, which can be either a file or a partition
* /tmp - this data is needed only for one session, so it can safely be placed in tmpfs
* /var/tmp - the same
* /var/spool - user cron jobs and print jobs are stored here; better to put them in the container together with the home folder
* /var/mail - in the container
* /var/lib/slocate - in the container
* /var/log - in the container, although some messages written at the boot stage will not end up there; this does not affect user logs.
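As an added check that is not part of the original article: once the directories above have been moved, a short shell audit can confirm that each of them really ends up on tmpfs or inside the container, and that swap is no longer a plain partition. The script assumes TrueCrypt exposes the mounted container as /dev/mapper/truecrypt<N> and that encrypted swap appears under /dev/mapper/; the /proc/mounts and /proc/swaps contents below are constructed samples.

```shell
#!/bin/sh
# Added audit example (not from the original article): given the text of
# /proc/mounts and /proc/swaps, report which of the directories listed above
# are still on plain, unencrypted disk, i.e. neither on tmpfs nor on the
# TrueCrypt device. Assumption: TrueCrypt exposes the container as
# /dev/mapper/truecrypt<N>, and encrypted swap as /dev/mapper/<name>.

# Constructed sample: /tmp and /var/tmp are on tmpfs, the container is
# mounted on /home and bind-mounted into /var/spool, /var/mail and
# /var/lib/slocate, but /var/log was forgotten and still lives on the
# root ext3 partition.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev 0 0
/dev/mapper/truecrypt0 /home ext2 rw,relatime 0 0
/dev/mapper/truecrypt0 /var/spool ext2 rw,relatime 0 0
/dev/mapper/truecrypt0 /var/mail ext2 rw,relatime 0 0
/dev/mapper/truecrypt0 /var/lib/slocate ext2 rw,relatime 0 0'

# Constructed sample /proc/swaps: one plain swap partition, one encrypted.
SAMPLE_SWAPS='Filename                                Type            Size    Used    Priority
/dev/sda2                               partition       1048572 0       -1
/dev/mapper/cryptswap1                  partition       1048572 0       -2'

# Print "device mountpoint fstype" of the mount entry whose mount point is the
# longest prefix of path $1, using the /proc/mounts text in $2.
mount_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        {
            mp = $2
            if (mp == p || mp == "/" || index(p, mp "/") == 1) {
                if (length(mp) > best) { best = length(mp); dev = $1; mpt = $2; fs = $3 }
            }
        }
        END { if (best) print dev, mpt, fs }'
}

# Succeed when a mount entry "device mountpoint fstype" is either volatile
# (tmpfs, gone after a reboot) or backed by the TrueCrypt mapping.
is_protected() {
    [ "$3" = tmpfs ] && return 0
    case $1 in /dev/mapper/truecrypt*) return 0 ;; esac
    return 1
}

# Print every path (arguments after the mounts text) that is NOT protected;
# return 1 if at least one such path exists.
unprotected_paths() {
    mounts=$1
    shift
    rc=0
    for p in "$@"; do
        if ! is_protected $(mount_for "$p" "$mounts"); then
            printf '%s\n' "$p"
            rc=1
        fi
    done
    return $rc
}

# Print swap devices from /proc/swaps text that are not device-mapper
# mappings, i.e. swap that is still written to disk in the clear.
plain_swaps() {
    printf '%s\n' "$1" | awk 'NR > 1 && $1 !~ /^\/dev\/mapper\// { print $1 }'
}

# Stand-alone run against the constructed samples; on a real system pass
# "$(cat /proc/mounts)" and "$(cat /proc/swaps)" instead.
echo "Directories still on plaintext storage:"
unprotected_paths "$SAMPLE_MOUNTS" /home /tmp /var/tmp /var/spool /var/mail /var/lib/slocate /var/log || true
echo "Swap devices still on plaintext storage:"
plain_swaps "$SAMPLE_SWAPS"
```

The check only sees real mounts and bind mounts. If you move a directory into the container with a symlink instead (for example /var/mail pointing into /home), resolve it first with readlink -f and pass the resolved path, otherwise the symlink itself still resolves to the root partition and is reported as unprotected.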
For Linux there are both built-in tools (dm-crypt, loop-aes, ...) and a third-party one, TrueCrypt, which works on Windows Vista/XP/2000 as well as on Linux (though about 1.5 times slower there). And of course it is open source (hello to the secret services :)
TrueCrypt can create cryptocontainers either in partitions or in files, which are then mounted as partitions. It encrypts with the AES, Twofish and Serpent algorithms.
All three algorithms are very reliable; at present there is not even a theoretical attack on them other than exhaustive key search.
AES - chosen as the government standard in the USA.
Twofish - on an AMD64 processor (Linux kernel i386 2.6.20-16) it is the fastest, outperforming AES by about 20% on average.
Serpent - significantly slower than the other two.
I noticed that Twofish is faster on AMD and AES on Intel, while on Intel Mobile the two algorithms are roughly equal. You can choose any of them, but I advise testing the speed on your own computer first.
The hash functions used are RIPEMD-160, SHA-1 and Whirlpool.
SHA-1 - a theoretical possibility of an attack has appeared, and although this is more relevant to messages and digital signatures, it is not recommended for use.
RIPEMD-160 - the default. No attack on this algorithm is known even in theory, but its predecessor, RIPEMD, has already been discredited. Whirlpool is theoretically the slowest; some sources say it is 2-3 times slower than the others, although my tests showed that this is not so in TrueCrypt: on both Linux and Windows XP the gap from the others was no more than 5%. To date it is the most robust of the three, and the youngest.
You can use either Whirlpool or RIPEMD-160.
In TC it is possible to use cascades of algorithms. An AES-Twofish cascade together with Whirlpool and a hidden container is for super-secret data ;)
TrueCrypt is undoubtedly good because another container can be hidden inside an encrypted one. This is protection against the "soldering iron" method of cracking (coercing the password out of the owner rather than attacking the cipher).
Although the documentation says that the outer container must be formatted as FAT, it works just fine with ext2 as well. But if the boundary between the containers is overrun while using the -P switch, the system does not report running out of space the way Windows does; that data is simply lost.
The file system journal is automatically placed inside the cryptocontainer.
More details with all examples can be found here.