This should be a no-brainer for anyone carrying anything important around on a laptop.
IMHO, relying on a user password (like a login password) is not a great idea, since anyone with physical access to the disk can get to your data easily. OTOH, using disk encryption seems like overkill - since if you want to hand your laptop to someone for a little web browsing, you shouldn’t have to reveal all the ‘secrets’ to do so.
EncFS (available on Linux) is a great way to secure files - and has the advantage (over using a Truecrypt volume, for instance) that the files are stored as files on a regular - meaning :
that the secure files can be backed up using rsync (i.e. the whole volume image doesn’t need to be backed up - although I recognize that Truecrypt backs up fairly cleanly)
the diskspace allocated to the secure files doesn’t have to be guessed ahead of time : the secure files simply take the disk space necessary
Packages required (and a fix-up):
The fix-up above is required so that other users are able to read the ‘plain’ files (useful if you’re running a webserver serving files within the plain files, where the webserver is running as a non-user).
To set up encrypted folders, simply create two directories (under ~, for simplicity) the hidden one being the secret files encrypted, the plain one being created on-demand when the password is Ok. Use the following command (standard usage is a ‘blank line’ for the options, and a fairly non-intuitive password) :
To make it easy to use, the following ‘mount’ script can be saved to ~/Desktop/S-mount :
And the following ‘un-mount’ script can be saved to ~/Desktop/S-umount :
PS: There’s an attractive alternative to this ‘cryptkeeper’, which is a tray-icon system that can manage encfs volumes. I tried it, and preferred to do it ‘long hand’. But then I’m also trying to get things consistent across several different machines… YMMV.