Secure LUKS configuration
 

Hi,

as I'm currently developing an undeserved feeling of paranoia, I'm trying to compensate by hiding my ass using LUKS. Well, I easily managed to setup /home, /var (squid3), /tmp and swap as encrypted partitions using a 28-character-|_337zP!3k-password, so the partitions themselves should be well secured.

Still, as I lack the theoretical knowledge about the inner works of Linux, I don't feel quite secure about further hideout places for leaking userspace data. Also, for convenience, I added another keyslot to the above partitions, unlocking by a lengthy keyfile I saved on an encrypted USB stick. Thus, I would only have to enter my password once, but I don't know if I'm just creating further loopholes that way.

There are a number of other insecurities, so, to put a long story short, I would be very glad if someone could point me to some answers on the above questions. I would also be very glad about directions to more extensive information on hardening your system against direct access or on the basic methodology (not cryptography) behind LUKS. (If it is comprehensible to foreigners not familiar with the matter of concern, that is.) So far, I only came across your average walkthroughs, most of which just repeat the same basic commands.

Thanks a lot,
David

PS: Encrypting / would, of course, further security a lot, but installing my whole system anew would be a trendemous hassle :\ (I'm on Linux Sidux, btw, if that is of any relevance.)