I'm confident enough that's secured against pretty much everything up to federal law enforcement or nation state level snooping.
Could you please elaborate what you mean by that? As far as I know, it is not possible to "crack" EncFS or Truecrypt as long as you use reasonably strong password and are able to protect it. Or am I wrong?
What _I_ meant by that (and keep in mind my answer might not be based on the same circumstances/juristiction/type-of-encrypted-data as you) - is that I'm reasonably sure my employers, family members, office-mates, cleaning staff - and even state and local police, will not have access to my data unless I choose to give it to them. At the same time I'm under no impression that federal level law enforcement can manipulate things so I don't really have any choice about whether to hand over my keys (I'm _reasonably_ sure that at least local and state law enforcement where I live are unlikely to use "rubber hose cryptography" to extract my passphrase). And I don't know for sure, but I strongly suspect that various three letter agencies or "nation states" probably do have the resources needed to brute force any password/phrase I'm using (including 25+ character random upper/lower/digit/symbol ones I let 1Password generate, or perhaps they'd just brute force the 6 word mis-spelled 1Password master passphrase).
Ah, thanks for explanation. Also thanks for introducing me to the phrase "rubber hose cryptography", I didn't know that.
It is probably good to keep in mind what you said. All passwords are only as good as your ability to keep them for yourself.
Also remember that if someone (feds) would had physical access to your computer while encrypted data is mounted, then the password doesn't matter. Even if you manage to turn off the computer, they could still decrypt the keys by "cold boot attack"[1] within minutes after shutdown. Actually anybody can do that easily. [2]
For normal-purpose encryption that this thread is about, it would be too much hassle, but if I had something I would want to really encrypt and be sure nobody would get to it, then:
1. I would use multiple layers of encryption with the possibility to decrypt one layer in multiple ways (plausible deniability)
2. Would not rely on password only, but also use some external key/token, maybe something like this: https://www.crypto-stick.com/
3. Make the access to data quickly destroyable if I choose so. Several options come to my mind. E.g. make the key/token easily destroyable for me. Other option would be to physically destroy the media where data is stored. These would render the data inaccessible if I choose so. I would of course lose the data.
Could you please elaborate what you mean by that? As far as I know, it is not possible to "crack" EncFS or Truecrypt as long as you use reasonably strong password and are able to protect it. Or am I wrong?