Encryption

Phishing!!! I think we used to call it stealing. Any how, I don't even want to think about the idea of loosing my hard disk to some MF that decides to go phishing in my office while I am sleeping. Just the thought of it makes me shiver. So I have done some surfing, and have come across some free software for this purpose. One such program for windows is the TrueCrypt. I have never used such software, therefore I know nothing about it, and this is where you come in.
Do you use it? Which one? Is it reliable? , etc.

One thing I would like to have (if possible) is the following:
1- The whole disk should be encrypted.
2- The PC should only boot if a USB key is pluged in. Once booted, it should work without the USB key. This would serve to funcions, boot the computer, and provide the de-cryption code.

You're comment os this subject are appreciated.

I think you are confused about the real definition of phishing, because the ability to make the computer boot only with a usb key is not going to save you from phishers. Phising is a type of "social engineering" that takes a tailored web page that looks trustworthy and prompts you for information that you should never give out(credit card, ss number, pin number, etc) and forwards it to the hacker who then goes on to steal your identity. This is usually done in the form of an email, but can also use DNS cache poisoning to redirect your computer to a phishers website but be tailored to look exactly like the website you intended to go to. It can also be used in a MITM(man in the middle) attack where a hacker intercepts your connection, forwards the data to the site you requested, but the information responded by the server is forwarded to the hacker, but is then forwarded back to you making the transaction transparent to the user.

To protect against the email attacks is simple; NEVER give out that information to ANY email. For the others, it is a bit more complicated, but I usually disable javascript before connecting to my trusted e-commerce sites. I'm sure there are other methods that the posters on this website would love to share, so I'll leave to the stage to those who want to share their defenses against phishing.

Ok! I may have missused the term phishing. Altough I think it is being used to describe other methods of collecting information, such as stealing your hardware (I have read some stories). But what I would like is your (you all) opinion on the subject of cryptography. If someone breaks in my office and steals my computer, I would like to be sure that none of the information on the hard drive(s) could be ever read.

I came accross this windows encryption program, I haven't tried it yet but it's free. I also like it because it uses 128 bit blowfish encryption. Wich is more than sufficient for most home and office uses but I think its a little early to consider it impossible to break like they say on there site.

www.cypherix.com/cryptainerle/index.htm

Cryptainerle is easy and free (so they say) but it has container size limit of 25 megs. Not good enough.

I have come across a program called DriveCrypt. This looks like the perfect solution to what I am looking for. The problem is that it is a commercial product. It's not a price issue, as it costs around $130. Being a commercial product, you just don't know what's inside.

If the data you want to keep safe is on a file server you could do something like this: pooh.selwerd.nl:81/index.php?id=84

But maybe a hardware encryption device would be a better solution for you. ABIT makes one called SecureID. It only used 40 bit DES which is sufficient for most home users but is not very strong encryption. CRU also makes hard drive encryption devices with considerably better encryption but at a significant increase in price also.
www.forensicpc.com/proddetail.asp?prod=CRUENCRYPTDPV&cat=14