Hi
I after search into internet find cryptsetup , ecryptfs , loop-ASE and Truecrypt .
I want a software on linux(ubuntu 12.04)for building full encrypted disk with pre-authentication in time booting system.

but i have one question .
which one is better for me ?
I tankyou for eny answer.

Based on my preferences, I would suggest that you use (LUKS using) cryptsetup. What you described can be achieved easily with cryptsetup. I have encrypted /, swap and /home and have to enter passphrase during boot for the system to boot.

There are probably some online guides to enable one to do this (if needed). Archwiki also has pages that would be useful. Hope this helps.

I can tell you a little bit about LUKS through cryptsetup, since that's what I use. I'm pretty sure with cryptsetup you can't encrypt the full disk; you would need to leave /boot unencrypted (putting it on a different partition). But you can encrypt everything else including the swap space. I actually have two partitions, one with boot, and one large encrypted partition holding two LV's (Logical Volumes), one for root and one for swap. Doing it this way, you only need one password to decrypt the rest of your computer. You can also even set up a key file on a usb stick or something, so that, when the computer starts, it will first look for the key file and decrypt the disk if it finds it, but if it doesn't it will ask for the password. This has worked fine for me. Here's a howto for ubuntu:
http://ubuntuforums.org/showthread.php?t=1205372

Hope this is helpful :)

If you are really serious about that kind of security, I would invest in a disk-controller, a drive, or an external SAN unit that provides hardware encryption of drive content. The key (or certificate as the case may be) is literally installed into the unit via hardware or software, and every I/O operation against the drive is encrypted or decrypted in real time.

One of the all-around handiest of these are USB sticks that have encryption capability. I once saw a sort of dongle that you could plug into a USB port, then plug any ol' stick into it, and everything on that stick would be encrypted with no loss of throughput.

I'm not sure about the OS support of USB sticks, I know some are Windows only, so last time I sawsomething like this discussed I found there are USB hard drives with built in keypads for entering the unlock code.

Well if you're looking for an encrypted USB key I can recommend Ironkey. One caution - the unlocker is 32-bit only so you will need a multi-lib setup if you're running 64-bit.

Seagate and Stonewood both make hardware level encrypted hard drives. The Stonewood is self-contained. Last I checked the Seagate required the system have a TPM but I'm not sure if this is still the case.

LUKS works well for encrypting a Linux system on a block level. You can encrypt everything but a small /boot partition and unlock using a keyfile, password or both. The disadvantage to LUKS is that once unlocked te data isaccessible by the entire system (subject to other access controls and permissions).

TrueCrypt only works with containers on Linux and cannot be sued for full disk encryption like it can on Windows.

loop-AES has been deprecated in many distros for a while now in favour of the cryptsetup option.

ecrtpyfs is a filesystem level encryption scheme that can be used on a directory or file level (similar to Truecrypt). It has the advantage of remaining encrypted until the user who owns the "container" mounts it. Itis not useful however for full disk encryption.

These various systems can be combined depending on your needs (eg encryptfs in user directory on a LUKS encrypted partition on a hardware encrypted drive).

I tankyou form four persan answer to this question .

I read these four thread. now I try find about types of attack to full encryption disk .
for example if I building full encrypted disk ,and I loss my hard with which kind of attack can pass from this encryption .

AND which one from cryptsetup and loop-ASE ,... can slove this problem ?

Another. about watermaking attack and dictionary attack and other attack that you konw,what?
which future on cryptsetup can prevent from attack ?

I waite for every book and document , website , thread about attack ,

Regardless of the system chosen be it truecrypt, LUKS, etc. there are two weaknesses: the implementation of the algorithm, and the keys. Unless you are good at both math and programming checking on the robustness of the algorithm is beyond most people's abilities. Choose the one you prefer Blowfish, Twofish, Serpent and AES are good choices. Also chose an appropriate mode (eg XTS, CBC) for your need.

The primary attack vector is the keys and passphrases. Choosing a strong passphrase is the first step. There are numerous articles, tutorials and books on the subject so reiterating it here is wasteful. Once you have a strong passphrase you choose a strong hash when creating the encrypted container/partition (eg SHA-256, SHA-512, WHirlpool, peraps Skein). Be sure to salt the hash as well.

If you take the above technical precautions, it remain to manage any keyfles or password/passphrases you create in a secure manner. If you do all the above the remaining attack vector is cryptanalysis which, for the example algorithms above is a major undertaking and your data should remain safe.

Note in choosing a commercial hardware solution such as Ironkey or Stonewood, your options as to hash and encryption algorithm are more limited. For example both use AES-256 for their products.

(PS - Stoenwood drives are now sold under the name Eclypte)