Crypto n stuff

I am not a noob, nor am I experienced in these areas, modesty is a safe bet as I do not want to overstate my skillset.

I have two sources that I consider to be the people with the most experience that I know in these areas but they do not fully agree. I would like to get your opinions and whatever else you may want to share about what you do and why.

Friend 1, computer professional, runs his own business out of his house fixing peoples shit and tinkering with his own tech. Recommends LUKS for encrypting non-OS files (for speed) and temporary files and important data. Thinks truecrypt is garbage because its proprietary.

For deletion he uses dd and dev/zero. On his ext4 filesystem it takes 2 hours to dd and 2 minutes to LUKS a 300gb drive. He suspects that dev/zero over dev/urandom contributes a bit (he admitted he doesn't know how much cause he doesn't use urandom) but he thinks that the NTFS filesystem is the cause of the slow (20GB/hour) dd speed. He also said, when I brought up the idea that dev/zero with dd is less secure and determined people could see what was written on the disk before all the 0's because they're all 0's and its easy to see ( read a paranoid theory about this idea) and he said that with NTFS that'd be possible but not other filesystems.

His paranoia solution was dd, format, encrypt with random salt (I'm unsure what this is, something about password security) and then format  with a different filesystem and use that one after encrypting. He also mentioned setting up encryption to randomize keys on bootup for your temp files and pagefile where your encryption passwords are stored.

Friend 2 said that dd dev/urandom with a few passes to be safe was a good idea and that Truecrypt is trustworthy. He also recommended using a bootable USB OS over a hard drive.

Please criticize all of these assumptions as I am here to learn what is correct.

LUKS is better than TrueCrypt. I wrote 20 pages worth of notes about this a long time ago but I'm pretty sure they're lost forever.

In short, LUKS does more to fight data forensics. Plus you can have multiple keys for any one drive. TrueCrypt tries to give you "plausible deniability" but fails horribly at it. Any encrypted data passes the Chi Squared test, and even if you try to minimize how much information is in the header, it's fairly trivial to figure out what program / encryption scheme was used if the program is well known, which TrueCrypt is.

LUKS also inflates the encrypted master key and scatters it all over the drive so that it's impossible that dead sectors would cause the key to be permanently stored on the drive (if a sector dies the HDD just marks that area as unusable and will not read/write to it anymore, if the key was on a dead sector and you tried to wipe the drive, even 1,000 passes of /dev/random with dd wouldn't touch it).

The PBKDF in LUKS is better, in general LUKS is also more stable, there's a higher chance your data will get corrupted to shit with TrueCrypt. Its "hidden volumes" are a complete joke, look at the paper by Schneier on that.

Finally, in general you want full disk encryption, something that TrueCrypt doesn't provide on Linux (As far as I know, even if it does now, it would have implemented it recently, not enough time for suitable testing / peer review), and if you're going for security, Linux/BSD is the only choice, using Windows with encryption is pointless. Without full disk encryption, it's likely the programs you use will leave traces of the data you open, from thumbnails, caches, filename records, device access records, and so on. If your entire disk isn't encrypted, it's hard to not leave plaintext traces.