On Mon, Dec 8, 2008 at 2:59 PM, Matt Graham wrote: > From: Alex Dean >> I used TrueCrypt to do full-disk encryption on an 80GB external USB >> hard drive on a ThinkPad T40 (1.4 GHz Pentium M) running Xubuntu >> 8.04. Any time I had the disk attached, it pegged my CPU and was >> nearly unusable. I gave up at that point, though there may have been >> more tweaking I could do to get it running better. I use the whole disk encryption process as built into the installers in Fedora 10 (at the moment) and Ubuntu (alternate install CD) when I use that (and I'll likely be jumping back to Ubuntu but that's a different issue). My lappy is a low-grade dual-core chip (Intel "Pentium dual core") from about five months ago, a $500 Dell. I have 2gigs RAM. Whole disk encryption isn't slowing me down. My laptop is a felony to possess in the (US) state of Georgia and possibly others because I have actual Diebold vote-tally software in my XP virtual machine. That's why I take encryption seriously. I encrypt external drives with Truecrypt. I find no performance penalty with encryption. In the US, court cases so far say that you can refuse to divulge passwords based on the 5th Amendment, even under a subpoena to reveal them. The US is in the minority in this view. Since my travel in election reform is purely stateside, I do "in your face" encryption with obvious password requests, rather than the "hidden encrypted volume" routine possible in Truecrypt where you can hide the fact that you're doing encryption at all, at the expense of some disk space and more annoyance in getting to the encrypted data. If you're taking encrypted disks to places where passwords can be forced from you (or you rot in jail until you cough 'em up) then you need to look at hidden encrypted volumes. This includes Canada and Britain last I heard, and probably Mexico. Whole-disk encryption has advantages if you regularly piss off the politically powerful. If somebody sends you a link in EMail that turns out to dump to kiddie porn, and you back out of the site, you still have kiddie porn on your hard disk, in the browser cache. If the police then pound on your door 20 minutes later as the second part of the setup, you can just power off and without even worrying about where on the disk that crap is, you know it's heavily blocked. Partial-disk encryption of any type is about protecting those things you PLAN on protecting by copying them there; whole-disk encryption blocks everything from an assailant who has gained physical access to your machine and in a few rare cases that can save your butt. Jim March Member of the board of directors, blackboxvoting.org --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss