Linux + encryption

Does anybody of you use linux with some sort of encryption, and specifically dm-crypt, LUKS, truecrypt or anything else?

Do you use them to mount partitions at boot-time or would ike to? (AFAIK truecrypt is not yet integrated)

divVerent still uses volume encryption afaik

One can use eCryptfs as default in Ubuntu, when adding a new user for that users whole home dir.
For stuff on external locations, I use EncFS, since its very simple to use. You can of course use eCryptfs for that as well, its just me sticking with old habits...

I don't like encryption on a whole volume basis, since its.. it can be a pain in the ass when it comes to backup and so on.
Its better on a 'per file'-basis or like a container for external stuff.
When it comes to moving stuff to a "win"dows machine, I usually put it in a 7z with a strong password (I think its aes256) and download peazip and unpack it if I don't have net access or trust the computer where I am.

I also use passwordmaker to "remember" my 40 character passwords that is unique to every site/host/file.

I don't. I have no need. How much do those encrypted file systems affect I/O and CPU performance?

I don't. I have no need. How much do those encrypted file systems affect I/O and CPU performance?

Don't know about encryption, but compression doesn't slow it down. (Compression actually makes it faster, since the CPU can decompress faster than the HDD can read blocks. Which is NOT true for encryption - but I don't think it'll be noticably slower.)

I don't. I have no need. How much do those encrypted file systems affect I/O and CPU performance?

There is no noticeable performance loss at all, especially on a modern machine.
Fuse based encryption can be a bit slower, but you dont feel it anyhow. In that regard mentioned eCryptfs and the like is a bit faster.

Regarding the 'no need' part.
I dont know about you, but I at least have some photos, sound recordings and documents on my laptop and everywhere else for that matter.
I would not feel comfortable at all if someone would gain access to that information.

Can someone really afford to gamble on that the thief of a laptop, is just interested in the hardware?

I mean, when hardware these days is really cheap, at least in most places with a high HDI-index?
The chances are not great but you know.. greater today, since there is a more widespread understanding of computers or well.. IT really.
That they are more interested what is on the laptop than the laptop itself.

Regarding the 'no need' part.
I dont know about you, but I at least have some photos, sound recordings and documents on my laptop and everywhere else for that matter.
I would not feel comfortable at all if someone would gain access to that information.

I feel the same about it, and my university thesis (almost finished) is going to have an introduction to scare people about that.

About fuse: yes, it's definitely slower, but I don't mind.

I don't own a laptop, only a desktop. If I did, I would encrypt my filesystems. Other than a trojan/virus, in order to gain access to the data, a thief would actually have to break into my home. Once in my home, the thief could just as well steal paper/physical copies of my photos and documents.

I use dm_crypt on all file systems

I don't own a laptop, only a desktop. If I did, I would encrypt my filesystems. Other than a trojan/virus, in order to gain access to the data, a thief would actually have to break into my home. Once in my home, the thief could just as well steal paper/physical copies of my photos and documents.

You mean you have analog stuff laying about?

I don't own a laptop, only a desktop. If I did, I would encrypt my filesystems. Other than a trojan/virus, in order to gain access to the data, a thief would actually have to break into my home. Once in my home, the thief could just as well steal paper/physical copies of my photos and documents.

You mean you have analog stuff laying about?

Lolled at "analog stuff"

This made me think what they actually suggest you when generating GPG keys: they say it's better to generate revocation certs to store too and also print them on paper in case of emergency.