one can safely strike the "vulnerable" part from the dm-crypt part, they did their homework (courtesy of LUKS) since kernel 2.6.11 out-of-the-box, and it's an ongoing struggle for them. just check their FAQ @ http://www.saout.de/misc/dm-crypt/ for the ACK about security probs in the past, and their newsgroup available @ http://news.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt sometimes makes me cringe at the subject - one just doesn't expect things like that to happen on stable kernel series. still, you gotta watch your back when it comes to upgrading your system.
concerning ciphers, just stay away from blowfish. AES, twofish, serpent are ok to use.
regarding the partition question thing, i have some ideas, depending on your usage pattern. use ext3. you don't need the "benefits" of xfs on media / backup partitions.
- a) create the backup partition smartly - obvious thing to do, i know, but... think - what's your backup cycle, full or incremental, etc.? i'd add 50% of the overall estimated backup space as margin. as plain filesystem space.
- b) adjust the reserved root filesystem space smartly on the media partition. (add the whole calculated backup partition space +50% as margin?), one can never have too much hd space.
- c) same thought pattern applied to the backup partition - think about size requirements, think about the hassle of resizing filesystems, think of ease of use of reserved fs blocks on an ext3 fs :)
whatever you plan on going along with, keep us posted.
and good luck :)