I will vote for True Crypt. I've been using it for several months. I've gotten all of my encrypted partitions and files migrated to True Crypt. I had previously been using crypto-loop with twofish encryption.
The reasons that I changed to True Crypt include the following:
It is multiplatform. It will run on Linux and Windows. You can encrypt a disk partition or a file on one platform and use it on the other platform.
It does not depend on a particular distribution of Linux. I found that using crypto-loop on Linux with twofish encryption made it difficult to try new distributions. Many Linux distributions do not support twofish encryption under crypto-loop.
It has all of the latest encryption algorithms and hashes. You can combine encryption algorithms to encrypt a given object (partition or file).
True Crypt is easy to use. It has a simple command line interface in Linux. It has a GUI interface in Windows. I like the command line interface. It is about the same level of difficulty as crypto-loop as far as entering commands to complete a given task.
True Crypt uses the Linux device mapper rather than the loop interface.
True Crypt compiles and installs easily. So far I have installed it on two very different Linux distributions (SuSE and PCLinuxOS). I have not had any problems installing it or making it work.
It is possible to put the True Crypt binary on a portable data device like a USB thumbdrive and then use that portable device on a Linux or Windows machine that does not have True Crypt installed. I have not done this yet but I plan to try it.
True Crypt has made data encryption portable for me. I was tied to OpenSuSE when I used crypto-loop with twofish encryption. Now I can use an encrypted object on any Linux distribution or Windows.
True Crypt does not put any encryption headers in its objects. That means that there is no data in the encrypted object to help hackers to determine how the object was encrypted. In other words, there is no data in the encrypted object to say that it is encrypted, or that it is encrypted using True Crypt, or that a particular encryption algorithm was used to encrypt the object.
You can see a listing of what actual objects are mapped to what True Crypt virtual devices by using the -l parameter to the truecrypt binary.
That's handy when you are mounting and unmounting encrypted objects.
True Crypt is an excellent product. And, of course, it's free.
http://www.truecrypt.org/
The only downside that I had with True Crypt was the instructions for Linux. The True Crypt man page has a lot of examples so I finally figured out how to do what I needed to do. For example, when you want to encrypt an object your best course of action is to just invoke the True Crypt binary with the -c parameter. It will ask you for all of the information that it requires to find and encrypt the data object. Also, if you want to encrypt a file such as a mountable container file you do NOT create the file first using dd or whatever. True Crypt will create the file. Lastly, when it asks you what file system to use it only offers the choices of FAT or none. I always choose none. After the object is created I map it to a True Crypt virtual device in /dev/mapper, then I use mkfs to create the file system type of my choice.
Example to encrypt any object.
After the truecrypt binary starts it will ask you for any information that you did not supply on the command line.
Example to map an existing True Crypt object at /dev/hda4 to a True Crypt virtual device named /dev/mapper/truecrypt4.
Code:
truecrypt -N 4 /dev/hda4
You can then either mount the device /dev/mapper/truecrypt4 or you can create a new file system on it by using mkfs.
Code:
mount /dev/mapper/truecrypt4 /mnt/hda4
or
Code:
mkfs -t ext3 /dev/mapper/truecrypt4
I recommend NOT using the other forms of the truecrypt command to perform these particular tasks which are shown in the True Crypt man pages. I had some trouble with some of them. For example I recommend NOT mapping an encrypted device and adding the mount point in one line. Do it in two commands; map the device, then mount it. I recommend NOT adding all of the parameters to the line when you are creating a new True Crypt device. Just use the "truecrypt -c" form that I showed above and answer the questions as they are presented.