Recommendations on the practical use of disk encryption software


1. with an encrypted root partition it is recommended to store sensitive data in a place that is encrypted with a different key. An attacker could launch a known-plaintext attack against the encrypted root file system.

2. Disable every unneeded feature/function of the OS and application software that potentially saves sensitive data on the disk

3. Disable virtual memory or at least store the swap device on an one-time-key encrypted partition. Otherwise sensitive data or even the cryptographic key might leak to the paging device.

4. Create a secure passphrase!
Passphrase @ Wikipedia
Password cracking @ Wikipedia
Solar Designer on weak password generators

5. Only use open source crypto!

6. Use 2-factor authentication if possible and indicated by the threat model!

7. Do not store sensitive data on unencrypted backups!

8. Protect your system against unauthorized remote and local access! Otherwise an attacker could install a software or hardware keystroke logger or some other interception device.