Disk Encryption With TrueCrypt
Continuing on last week's coverage of computer security, TrueCrypt is open source disk encryption software for Linux, Windows and Mac OS X. There are Linux binaries available for OpenSuSE (.rpm) and Ubuntu (.deb); otherwise you can install from source.
TrueCrypt has several useful features, including the ability to create a hidden encrypted volume inside a standard encrypted one. In a situation where you're forced to reveal your password, that hidden volume can't be identified (as it looks the same as the random data you get anyway on an encrypted volume). Encryption/decryption is handled on-the-fly. Although there is a slowdown, it isn't prohibitive.
It's also possible to access the same encrypted partition/volume on multiple OSes, as long as they have TrueCrypt installed and are able to read the filesystem used on the disk. (So you still can't get at your ext3 filesystem on Windows!) This is particularly useful for encrypting the USB drive you might carry around in your pocket.
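The current version of TrueCrypt requires the use of sudo. If you need multiple users to be able to access the volume, add this line to /etc/sudoers; it lets members of the truecrypt group run /usr/bin/truecrypt as root without being asked for a password: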
%truecrypt ALL=(root) NOPASSWD:/usr/bin/truecrypt
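A NOPASSWD rule like this makes /usr/bin/truecrypt a root entry point for everyone in the group, so the binary and every directory above it should be writable by root only. The Python check below is an added example, not part of the original article or of TrueCrypt; the function names, the trusted_uid and stop parameters, and the simplified parser (which only understands entries shaped like the line above) are assumptions made for illustration.

```python
import os
import re
import stat

# The sudoers entry from the article, used as sample input.
SAMPLE = "%truecrypt ALL=(root) NOPASSWD:/usr/bin/truecrypt"
# Handles only entries of that shape: who host=(runas) NOPASSWD:cmd[, cmd]
RULE = re.compile(r"^([^#\s]\S*)\s+[^=\s]+\s*=\s*\(([^)]*)\)\s*NOPASSWD:\s*(.+)$")

def nopasswd_commands(sudoers_text):
    """Return (who, runas, command_path) for every NOPASSWD command."""
    found = []
    for raw in sudoers_text.splitlines():
        m = RULE.match(raw.strip())
        if m:  # comments and other directives do not match
            for cmd in filter(None, (c.strip() for c in m.group(3).split(","))):
                found.append((m.group(1), m.group(2), cmd.split()[0]))
    return found

def ownership_findings(path, trusted_uid=0, stop="/"):
    """Check path and each parent directory up to stop for write access
    by anyone other than trusted_uid."""
    findings, current = [], path
    while True:
        st = os.stat(current)
        if st.st_uid != trusted_uid:
            findings.append(f"{current}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{current}: group- or world-writable")
        parent = os.path.dirname(current)
        if current == stop or parent == current:
            return findings
        current = parent

def audit(sudoers_text, trusted_uid=0, stop="/"):
    """Map each NOPASSWD command path to its findings (empty list = clean)."""
    report = {}
    for _who, _runas, path in nopasswd_commands(sudoers_text):
        if not os.path.isabs(path):
            report[path] = [f"{path}: not an absolute path"]
        elif not os.path.exists(path):
            report[path] = [f"{path}: not found"]
        else:
            report[path] = ownership_findings(path, trusted_uid, stop)
    return report

if __name__ == "__main__":
    for path, findings in audit(SAMPLE).items():
        print(path, findings or "ok")
```

os.stat follows symbolic links, so pass the result of os.path.realpath if the command path may be a link. File ACLs are not inspected.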
The documentation is comprehensive, including some interesting technical details. Unfortunately, as yet it can't encrypt the Linux OS (it does do this for Windows systems), so for Linux it's data-only encryption at present.