Re: root fs/crypted

To: "clemens" <therapy@endorphin.org>, <debian-security@lists.debian.org>
Subject: Re: root fs/crypted
From: "Paul Lowe" <paul@ulink.net>
Date: Tue, 29 May 2001 20:02:50 -0700
Message-id: <002701c0e8b5$04248240$a6378ed1@oj>

I like this. Would it be difficult to modify Debian, so that
upon install, it creates an encrypted root volume and starts
things off the right way?

-----Original Message-----
From: clemens <therapy@endorphin.org>
To: debian-security@lists.debian.org <debian-security@lists.debian.org>
Date: Tuesday, May 29, 2001 6:04 PM
Subject: root fs/crypted


>
>SAWFASP^*
>
>as laws around the globe are forged to weak personal privacy,
>police knocking on one's door, because of portscanning a
>previously hacked website, and - i don't have to tell those
>of you, which are reading slashdot - as pretty strange things start
>to happend worldwide, i'm getting somewhat nervous about
>my data safety.
>
>what i'm aiming at, you might ask?
>debian should support a crypted rootfs right out
>of the box.
>
>i'll try to grasp within a few words, what's necessary to realize this:
>
>- the international kernel must be introduced as regular
>  debian packages.
>- the boot disks needs to be modified (just do a losetup
>  on some loopdev, and mount that one instead of the realrootdev)
>- of course, there must be an initrd to boot from,
>  which accepts authentication information.
>  (this ramdisk has to be placed unencrypted on
>   the rootfs, so the kernel code has to be circumwented or
>   the plain data has to be manually decrypted in usermode
>   to be re-encrypted to the original plain data when flushed
>   to disk.. easy for EBC mode crypto but harder to
>   achieve for CBC mode - creative suggestions welcome)
>- there must be an alternative passphrase, since i nor
>  any user will be willing to trust one forgetable phrase.
>  (how many times have you forgotten your mobil phone pin?)
>  suggestion: the actual key will be random generated, and
>  encrypted twice by two different passphrases/keys - one
>  choosen by the user, one random generated - useful to write on
>  a piece of paper and hide behind the bookshelf.
>
>(probably i should crosspost to debian-legal. the
>whole non-US issue has been left untouched)
>
>what do YOU think?
>shell debian be the first(?) privacy enhanced distro?
>
>clemens
>
>^* SAWFASP = searched archives without finding a similiar
>posting
>
>
>--
>To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
>

Reply to:

Prev by Date: root fs/crypted
Next by Date: RE: root fs/crypted
Previous by thread: Re: root fs/crypted
Next by thread: RE: root fs/crypted
Index(es):
- Date
- Thread