With Ubuntu encrypted home, when you login as a user it uses your login pwd to decrypt a stored key that is then used for encrypting/decrypting the home files. So you only login as usual to have access to your files. On disk without being logged in (as root even, or if mounted on another machine) the files remain encrypted.
If you put your sensitive files there then they should be safe unless a user can login.
Ecryptfs can be installed for alternate uses as well but the simplest ready-to-use mode is when chosen during install as encrypted home.
If you want to do this without requiring any kind of login then I don't see any way on any system that the encryption key cannot be found and used. It may depend on obscurity to hide away the key but someone with knowledge will know where to look. At some point there has to be something that decides who has access and who doesn't.
With Truecrypt I think the idea would be to store the auto-mount info in the users encrypted home so that logging in gets access to info needed to mount the Truecrypt drive.
Bookmarks