[–] GeorgeMichael 0 points 1 point 1 point (+1|-0) ago
you could check out VeraCrypt, it's a fork and IIRC some trueCrypt developers are involved in this project as well
[–] [deleted] 0 points 1 point 1 point (+1|-0) ago
[–] e0steven 0 points 5 points 5 points (+5|-0) ago
Um that's bull, it was fully vetted.Audit Results And I highly doubt you have anything to back it up.
[–] [deleted] 0 points 5 points 5 points (+5|-0) ago
[–] jumpingmac 0 points 7 points 7 points (+7|-0) ago
It's important to note that whole disk encryption, while a strong mechanism for protecting your data against physical theft, is ineffective at protecting data stolen from you electronically.
[–] just-my-2c ago
Even then, you better hope it was turned off when it was stolen or used by an unauthorized person...
[–] Kalectrix 0 points 15 points 15 points (+15|-0) ago (edited ago)
Ha-ha yes. Linux supports this with ease. You don't really notice it, you just have to type in your passphrase at boot. You can also put nukes on it aswell, so if someone tries brute forcing it the hard drive is as good as random gibberish. The other option is to just encrypt your home folder, which is the usual option. I used to run a persistent encrypted Kali Linux on a USB 3, was pretty good for a portable secure OS. Edit: correction
[–] NeverToday 0 points 1 point 1 point (+1|-0) ago
I do the whole disk thing and it's nice to know that if my laptop ever gets stolen, I really don't care that much. Go buy a new one, install my backup and never worry that my data will get pulled off the stolen machine.
I set it up via the Debian installer, if anyone's interested.
[–] VimTsar 0 points 3 points 3 points (+3|-0) ago
On Linux you can encrypt everything except /boot partition, which contains kernel and typically bootloader files. Good news is that you can move this partition along with bootloader to flash/sdcard and carry it with you to prevent bootkit attacks.
Partitions are still having LUKS(linux encrypted) headers, which tells what kind of OS and type of encryption is used. LUKS supports storing header externally (for example on afforementioned external storage) but it's not supported by lot of tools and system apllications (for example systemD didn't support external header, not sure about now) and might complicate recovery in case of problems.
Also on OpenBSD FDE is supported only with bootloader needing to readable. Proprietary OSes open too much potential holes/backdoors, so encryption against serious adversary is futile and against non-serious one encryption of user account should be enough.
Further detail for example: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system