Which Block Level Encryption?

• old crypt over loopback (losetup -e des /dev/loop0 /file) considered obsolete and insecure (and slow)

• loop-AES is a fine choice, marginally more secure and faster than dmcrypt, but it's harder to deal with (will be nice when included in default util-linux, kernel, mkinitramfs, and have easier key management)

• • See http://deb.riseup.net/storage/encryption/loop-aes/ for problems

• dmcrypt is conveniently part of the disk mapper layer, and is supported by both initramfs on debian, and pam-mount.

• cryptsetup is required for dmcrypt, but you really want cryptsetup-luks for better key management