> I have been thinking about encrypting some private files on my laptop,
> in case it gets stolen.
I have a general comment, and a specific software suggestion:
General comment:
Whatever encryption solution you use, think seriously about backups!
That is, if your data is important enough to encrypt, it's surely
important enough to need backups. If you backup the plaintext, do
you trust the security of whereever those backups get stored? Maybe
you want to backup the ciphertext instead...
Now for the specific software suggestion:
I have been using cvs (available in ports) for 10+ years now,
and am happy with it. It's an encrypting file system.
Advantages:
* transparent encryption, with keys on a per-directory-tree granularity
* can run on many different Unix flavors without needing custom kernels
Disadvantages:
* performance is a lot lower than an in-kernel crypto filesystem
(but for modern hardware and moderate-sized files, the cryto
overheads are still only tiny fractions of a second)
* security is probably good enough to stop casual snooping, but
likely wouldn't stop serious spooks like the NSA et al (see
http://www.usenix.org/publications/login/2004-08/pdfs/howard.pdf
for some recent cryptanalysis work)
* it's pretty close to unmaintained now -- the cfs-users mailing
list seems to have been dead for several years :(
ciao,
--
-- Jonathan Thornburg <[EMAIL PROTECTED]>
Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
Golm, Germany, "Old Europe" http://www.aei.mpg.de/~jthorn/home.html
"Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral."
-- quote by Freire / poster by Oxfam
