Hey LQ,

I'm trying to have a secure location on my Windows laptop to store a text file of passwords, among other things and I thought having an Encrypted LVM and Encrypted Swap inside of a VM would be a marvelous way to achieve this but I'm not sure how Encryption and Virtualization work together and if that defeats the purpose of encryption.

What I would like to know is if this is a good way of keeping files safe from spyware and malware and also if I potentially lose or my laptop gets stolen if this would be a good way to protect data from prying eyes.

Any tips would be greatly appreciated.

You might want to instead just install gvim and use the encryption vim provides. You can get the download for Windows at:
http://www.vim.org/download.php

The article below talks about the strong encryption in vim (if enabled). After reviewing it once before I verified the gvim install I have on Windows 7 has it enabled.
http://www.techrepublic.com/blog/sec...-blowfish/4870

A VM for this purpose would suck up a lot of resources (especially memory when running) so I'd likely not go that route just for encrypting a few files unless I felt file name should also be encrypted.

So far as I know there ARE other encryption technologies you can use for Windows partitions but I haven't used any. You might want to investigate that. Alternatively an in between solution might be to install Cygwin which is Linux on top of Windows rather than a VM and see if it has capabilities to create an encrypted space.

Those are good tips. Would you happen to know if spyware or malware could access data in memory from the Virtual machine while running the Encrypted LVM?

Kind of a lot of issues here.

One is physical access and one is remote or on time access.

The physical access issue could be protected by any number of cryptographic schemes. Windows upper level versions have a very good encryption that is unlikely to be broken by any common hacker. Maybe some countries could break in to it. Third party apps like truecrypt are also considered secure. Even pgp is mostly considered secure.

The second issue is when you yourself has access to the data. A VM tends to be considered a bit safer from the main OS. The idea of a cross platform bug is reduced. On would have to create the VM without any guest additions and without networking to at least have a start of security. There has only been one hole that I have heard about where a vm could be exposed.

Now one might be able to hack into that and boot up your vm so the question then exists about how one secures data on a linux system so you'd need to again decide if you want disk file system encryption and or file encryption. As to if the data could be exposed over the host by any means may only be by some host screen access.

Thank you for your advice. Wouldn't whole system and disk encryption be better than file encryption?

It really depends upon what you want to achieve.
Personally, I would install TRUCRYPT and make an encrypted volume and keep my secures data there. It can also encrypt an entire drive, single partition, or single filesystem. One beware: read the FAQs first and do NOT lose your passphrase. IT is virtually impossible to crack and does not play well with grub (or anythign else that wants the MBR) in the full drive option.