Comment 11 for bug 434232

Well, the EXACT (and USB-disk-proof) syntax is:
  echo 'target=#TARGET#,source=/dev/disk/by-uuid/#UUID#' > /etc/initramfs-tools/conf.d/cryptroot
(thus leading to a '/dev/mapper/#TARGET#' device; otherwise, you get a '/dev/mapper/cryptroot' device)

Also, make sure to add the proper modules in '/etc/initramfs-tools/modules'. Mine are:
  dm_crypt
  aes_i586
  gf128mul
  lrw
(this depends on which ciphers you use; 'diff' the 'lsmod' output before/after activating the LUKS partition to find out which additional modules may be needed)

As for "best practices": I personally see no benefits (more like drawbacks) in encrypting my system libraries, executables, package cache, etc. on a netbook with a slow CPU...

Cheers