Original thread: https://bitcointalk.org/index.php?topic=16266.0
I bought a laptop specifically for "more secure" uses and am (haven't done it yet) trying to decide what to do. I googled "gpg vs truecrypt" and that thread came up. Since I've considered bitcoin and am kinda familiar with it (read up on it more than 'a bit'), I had a passing interest in the specifics of the topic as well. There were a number of suggestions as well as deeper information (if you're really interested, skim the thread) on what is and isn't "good", including a 5 char brute force test (it was "for fun" as one of the posters said, but anyone that only uses 5 char for anything but fora pretty much deserves what they get).
So my reply:
The one thing that I don't think the more knowledgeable posters in that thread took into account is usability. An encryption situation is only as good as the user's diligence and the tool's usability combined. And yes, usability is only as good as a person's willingness to learn the tools; that is also diligence. If a situation is "highly reliable" (whatever that means) but is so many steps and enough time to be such a giant pain in the ass that the user doesn't complete it each time (forgetting the steps is a good reason) then it's no good... well, it loses security by the orders of magnitude. While the 7zip solution was mildly shit upon, it has a very high likelihood of being completed 100% every time because it's fast, simple and reasonably secure for 99.7% of the day's applications.
So which is better? A supremely secure (9/10) result from a series of steps that's only partially complete because the user doesn't feel like it, or a moderately secure (5/10) result from a canned, 1-click, Windows app that is completed every time? In most situations, I would call the 7zip solution practically best (as long as you use more than a 5 char pass).
My point is this: between the 1-click 7zip solution and the method suggested in this post (and its follow-up) there's no accounting for people. It's up to people to find that balance between the diligence required and the encryption desired. Crap all over it if you want, but the reality is that in general people aren't diligent. The Instant Total Gratification Society wants it perfect right now. I know some of you will berate such people, and I appreciate your help on the subject.
For my purposes, tho, I believe whole-disk Truecrypt would be my best bet... it doesn't require surfing man files or various forums for hrs and days trying to find a practical and usable config. And, from what I've read, is generally proven.
P.S. What would be useful is a compiled link-list of "known methods" that range from the simple 1-click solutions to "best known" solutions and scenarios and ppl would find their balance.