
Encrypting (K)Ubuntu for home and business use

Data on a computer is normally stored in clear text, on Windows and on Linux alike, which gives almost anyone who tries (!) access to all of it: a casual "bystander" as well as a deliberate intruder. If you want to hide something from prying eyes, this article is for you, the moderately paranoid (K)Ubuntu user. It applies especially to laptop owners (everyone has read about the mass thefts).

I took up encryption for exactly this reason and looked at what people have written about it. Perhaps it will be useful to someone else too.
I have not encrypted all partitions, only the user data. For keeping that data confidential this is no less secure than encrypting the entire root partition with all its packages and libraries! (What neither approach gives you on its own is integrity: someone with physical access can still tamper with the unencrypted system files or boot loader, so treat this as protection against data theft, not against a tampered machine.)

So what needs to be encrypted (or kept off the disk entirely) is:
* swap
* /home: put it in a TrueCrypt container (either a file or a partition)
* /tmp: this data is only needed for one session, so we can safely put it on tmpfs
* /var/tmp: the same
* /var/spool: user cron jobs and print jobs are stored here; better to put it in a container along with your home folder
* /var/mail: into the container
* /var/lib/slocate: into the container (the locate database lists the names of your files)
* /var/log: into the container. Some things written during boot will not land there, but that does not affect user logs
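The list above is a layout, and the easiest way to verify a machine actually follows it is to read its fstab. The script below is an added example (not from the original article) that audits fstab-style text for exactly these points: swap and /home must come from a dm-crypt or TrueCrypt mapping under /dev/mapper (TrueCrypt exposes mounted volumes as /dev/mapper/truecryptN), and /tmp and /var/tmp must be tmpfs. It also prints the /etc/crypttab entry that gives you a swap partition re-keyed from /dev/urandom on every boot. Both fstab samples, the device names and the UUIDs are constructed for this example and are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article: audit /etc/fstab-style text
# for the "encrypt only user data" layout. Device names/UUIDs are hypothetical.

# Constructed sample: a default-style install where only /home has already
# been moved into a mapped (encrypted) volume.
SAMPLE_FSTAB='# <device>            <mount>   <type>  <options>                        <dump> <pass>
UUID=1111-2222        /         ext3    defaults,errors=remount-ro       0 1
/dev/sda3             none      swap    sw                               0 0
/dev/mapper/tc_home   /home     ext2    defaults                         0 2
tmpfs                 /tmp      tmpfs   defaults,noexec,nosuid,mode=1777 0 0
/dev/sda5             /var/tmp  ext3    defaults                         0 2
'

# Constructed sample that follows the list: swap via dm-crypt, /tmp and
# /var/tmp on tmpfs, /home in a mapped container.
GOOD_FSTAB='UUID=1111-2222        /         ext3    defaults,errors=remount-ro       0 1
/dev/mapper/cryptswap none      swap    sw                               0 0
/dev/mapper/tc_home   /home     ext2    defaults                         0 2
tmpfs                 /tmp      tmpfs   defaults,noexec,nosuid,mode=1777 0 0
tmpfs                 /var/tmp  tmpfs   defaults,noexec,nosuid,mode=1777 0 0
'

# audit_fstab TEXT: prints one finding per line and returns the number of
# findings (0 means the layout matches the list).
audit_fstab() {
    count=0
    have_tmp=0
    have_vartmp=0
    have_home=0
    while read -r dev mnt type opts rest; do
        # skip blank lines and comments
        case "$dev" in ''|\#*) continue ;; esac
        if [ "$type" = swap ]; then
            case "$dev" in
                /dev/mapper/*) ;;
                *) echo "swap on raw device $dev: route it through dm-crypt (see crypttab line)"
                   count=$((count + 1)) ;;
            esac
        fi
        case "$mnt" in
            /tmp)
                have_tmp=1
                [ "$type" = tmpfs ] || { echo "/tmp is $type on $dev: use tmpfs"; count=$((count + 1)); } ;;
            /var/tmp)
                have_vartmp=1
                [ "$type" = tmpfs ] || { echo "/var/tmp is $type on $dev: use tmpfs"; count=$((count + 1)); } ;;
            /home)
                have_home=1
                case "$dev" in
                    /dev/mapper/*) ;;
                    *) echo "/home on $dev is not an encrypted mapping"; count=$((count + 1)) ;;
                esac ;;
        esac
    done <<EOF
$1
EOF
    [ "$have_tmp" -eq 1 ]    || { echo "/tmp not listed: it lives on the unencrypted root"; count=$((count + 1)); }
    [ "$have_vartmp" -eq 1 ] || { echo "/var/tmp not listed: it lives on the unencrypted root"; count=$((count + 1)); }
    [ "$have_home" -eq 1 ]   || { echo "/home not listed: it lives on the unencrypted root"; count=$((count + 1)); }
    return "$count"
}

# crypttab_swap_line DEVICE: the /etc/crypttab entry that re-keys the swap
# partition from /dev/urandom on every boot, so nothing paged out survives
# a reboot. Pair it with "/dev/mapper/cryptswap none swap sw 0 0" in fstab.
crypttab_swap_line() {
    echo "cryptswap $1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256"
}

# Run against the constructed samples when executed directly.
echo "== default-style fstab =="
audit_fstab "$SAMPLE_FSTAB" || echo "findings: $?"
echo "== hardened fstab =="
audit_fstab "$GOOD_FSTAB" && echo "findings: 0"
echo "== crypttab line for the swap partition (hypothetical /dev/sda3) =="
crypttab_swap_line /dev/sda3
```

To audit a real machine, replace the sample with `audit_fstab "$(cat /etc/fstab)"`. The check only looks at where things are mounted; it cannot tell whether the /dev/mapper device behind /home is really a TrueCrypt or dm-crypt volume, so confirm that with `dmsetup table` if in doubt.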

For Linux there are both built-in tools (dm-crypt, loop-aes, ...) and third-party ones, such as TrueCrypt, which works on Windows Vista/XP/2000 as well as Linux (albeit about 1.5 times slower there). And of course it is open source (hello to the special services :))
TrueCrypt lets you create crypto containers either in partitions or in files, which are then mounted as volumes. It encrypts with AES, Twofish or Serpent.
All three algorithms are considered very strong: no practical attack on the full ciphers is known other than brute force.
AES: selected as the US government standard (FIPS 197).
Twofish: on an AMD64 processor (Linux kernel 2.6.20-16, i386 build) it is the fastest, ahead of AES by about 20% on average.
Serpent: significantly slower than the others.
I noticed that Twofish is faster on AMD and AES on Intel, while on Intel mobile CPUs the two are roughly equal. You can pick any of them, but I advise testing the speed on your own computer first.

The hash functions offered are RIPEMD-160, SHA-1 and Whirlpool (used for deriving the key from your password, not for encrypting data).
SHA-1: collision attacks are known in theory, and although that mostly matters for documents and digital signatures rather than key derivation, it is not recommended.
RIPEMD-160 is the default. No attack on it is known, even theoretically, but its predecessor RIPEMD (128-bit) has already been discredited. Whirlpool is in theory the slowest; some sources claim it is 2-3 times slower than the others. My tests showed that is not the case in TrueCrypt: on both Linux and Windows XP it lags the other two by no more than 5%. It is currently considered the most robust of the three, and it is the youngest.
Use either Whirlpool or RIPEMD-160.

TrueCrypt can also cascade algorithms. An AES-Twofish cascade with Whirlpool, plus a hidden container, is for super-sensitive data ;)

TrueCrypt's undoubted strength is that you can hide another volume inside an encrypted container. This is a defence against "soldering-iron" cryptanalysis (coercion): you can give up the outer volume's password and plausibly deny that the hidden one exists.
Although the documentation says the outer volume should be formatted as FAT, it works fine with ext2. The reason for the FAT requirement is that FAT fills the volume from the start, whereas ext2 spreads data across the whole volume and can reach the hidden area much sooner. And when a write to the outer volume crosses into the hidden volume's area while it is mounted with the -P option (hidden-volume protection), the system does not report "out of space" the way Windows does; that data is simply lost.
If you use a journaling filesystem (ext3), its journal lands inside the crypto container automatically, so it is encrypted along with the data.

More details, with all the examples, can be found here.

Source: https://habr.com/ru/post/9274/
