[CS-FSLUG] Full Disk Encryption?

Greg Slade grgaslists at rogers.com
Thu Nov 15 21:47:09 CST 2007


I have a machine that I'm planning to use as a Linux testbed. (I'm 
thinking of installing Xubuntu, because it's pretty old: an IBM 266 MHz 
Pentium II with 256 MB of RAM.) The plan is to learn Linux so I can 
support Linux users on an encrypted E-mail network. Here's the thing, 
though: in order to connect any computer to the network, that computer's 
hard drive has to be encrypted. For Windows users, the network has 
standardised on an application which encrypts the whole hard disk. You 
can't even boot without the password. (The encryption utility leaves a 
stub in the Master Boot Record, and when you enter the password 
correctly, then it decrypts the disk so you can boot into Windows.) 
However, it also has a "back door": if you have forgotten your password, 
you can press a key, and get a string of characters. Then, you E-mail 
(on another computer) or phone or fax, or otherwise transmit those 
characters to your helpdesk, and leave your computer running. (If you 
shut it down, you'll need to generate a new string.) The helpdesk uses 
that string to generate a one-time password to get you back into your 
computer. Unfortunately, this software only supports Windows, and not 
even all versions of Windows, so Linux is right out.

What I need to know is, is there a Linux utility which can provide the 
same features:

- secure full disk encryption, so you cannot boot without the password, 
and mounting the drive in another machine won't help, because 
everything's encrypted.

- a "back door" for the help desk to help those who have forgotten their 
password. (In my experience, this is the single most common source of 
help desk calls.)

Thanks in advance.

God bless,

Greg
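
The help-desk recovery exchange described in the message above, sketched as an added example: it is not part of the original post and not the Windows product's actual algorithm, which the post does not describe. It assumes a per-machine recovery secret escrowed with the help desk at enrolment; `LockedMachine`, `one_time_password`, `new_challenge` and the machine ID are hypothetical names.

```python
import base64
import hashlib
import hmac
import secrets

def new_challenge(nbytes: int = 10) -> str:
    """Machine side: random string shown on screen for the user to read out."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii")

def one_time_password(secret: bytes, machine_id: str, challenge: str, digits: int = 8) -> str:
    """Both sides: HMAC the challenge with the per-machine recovery secret."""
    mac = hmac.new(secret, f"{machine_id}|{challenge}".encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)

class LockedMachine:
    """Models only the authorisation exchange, not how the disk key is unwrapped."""
    def __init__(self, machine_id: str, recovery_secret: bytes):
        self.machine_id = machine_id
        self._secret = recovery_secret  # assumption: escrowed copy held by the help desk
        self._challenge = None          # held in RAM only

    def request_recovery(self) -> str:
        self._challenge = new_challenge()
        return self._challenge

    def reboot(self) -> None:
        self._challenge = None          # shutting down discards the pending challenge

    def try_unlock(self, otp: str) -> bool:
        if self._challenge is None:
            return False
        expected = one_time_password(self._secret, self.machine_id, self._challenge)
        ok = hmac.compare_digest(expected.encode(), otp.encode())  # constant-time compare
        if ok:
            self._challenge = None      # a response is accepted once
        return ok

if __name__ == "__main__":
    secret = secrets.token_bytes(32)          # constructed secret for the demo
    pc = LockedMachine("PC-0001", secret)     # constructed machine ID
    challenge = pc.request_recovery()         # user reads this to the help desk
    otp = one_time_password(secret, "PC-0001", challenge)  # help desk computes the reply
    print(challenge, otp, pc.try_unlock(otp))
```

Because the challenge lives only in memory, a response computed for one boot session is useless after a shutdown, which matches the "you'll need to generate a new string" behaviour in the post.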



