6 years ago
I know that this "idea" is old, but... it is not full disk encryption in fact. /boot partition is outside the crypted area.
I also think that the encryption key should have the option of loaded from an external usb disk. That way you could use a 128-bit key without having to type it in at startup.
They do in the installation. I do agree with you. Its a great Idea!
This is an opinion not an idea
There is no need to encrypt the whole disk as it is only /home and possibly /opt & /data that holds data. Encrypting /, /bin & /usr will slow down the system without making it more secure
what is available in default install in /home encryption