There are many levels you can go for encryption. Whole disk, a container and file level. LUKS is good for a whole disk alternative. But you're going to get a speed hit on your whole drive for the translating both ways that needs to be done.
The next method is container method. This is the method I use chiefly. Truecrypt has been mentioned and has a hidden section and an unencrypted section while running. I don't know its viability but it is a common use item. The next is also container level and is dynamic. It is fast, built into the kernel with FUSE and Encfs. This can also span across to USBHdds. It uses an encrypted file with unencrypted file and umounts on power down. You MUST make sure if you use this method that you close the opened data container on a backup otherwise ALL your data is out in the OPEN. GPG can be done file level wise, but I don't recommend it because it is very, very, very slowww when encrypting and decrypting the file. I do love a nice little program that is a quick one liner, shreds is original and gives a 448bit blowfish encryted file. The program is called BCrypt. The key to any of these methods is a STRONG, Long passphrase. 35-50 characters is sufficient. FUSE will let you change passphrases, so will LUKS, and I believe BCrypt will also. It is actually quite easy to remember a sentence that only you would know and change some characters around. If you went to the upper limit with 50 characters. A passphrase would have the mathematical odds of 50^62 power in complexity. It won't be broke in our lifetimes. If your boss really wants to implement PGP. They should start with signing and encrypting all emails internally and externally. There is a Windows version of GPG and email is going to be more of a threat to company information leaking than anywhere else. Gregory
begin:vcard fn:G K n:K;G email;internet:gm5...@gmail.com note;quoted-printable:Preservation of privacy is notguaranteed on an open internet connection.= Copies of emails are made on servers as they travel through the trail.= To ensure privacy and tampering us GnuPG for Signing/Encryption as much= as possible.=0D=0A= x-mozilla-html:FALSE version:2.1 end:vcard
signature.asc
Description: OpenPGP digital signature
