[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

root fs/crypted


as laws around the globe are forged to weak personal privacy, 
police knocking on one's door, because of portscanning a
previously hacked website, and - i don't have to tell those
of you, which are reading slashdot - as pretty strange things start
to happend worldwide, i'm getting somewhat nervous about
my data safety.

what i'm aiming at, you might ask? 
debian should support a crypted rootfs right out
of the box.

i'll try to grasp within a few words, what's necessary to realize this:

- the international kernel must be introduced as regular 
  debian packages. 
- the boot disks needs to be modified (just do a losetup
  on some loopdev, and mount that one instead of the realrootdev)
- of course, there must be an initrd to boot from, 
  which accepts authentication information.
  (this ramdisk has to be placed unencrypted on 
   the rootfs, so the kernel code has to be circumwented or
   the plain data has to be manually decrypted in usermode
   to be re-encrypted to the original plain data when flushed 
   to disk.. easy for EBC mode crypto but harder to
   achieve for CBC mode - creative suggestions welcome)
- there must be an alternative passphrase, since i nor
  any user will be willing to trust one forgetable phrase.
  (how many times have you forgotten your mobil phone pin?)
  suggestion: the actual key will be random generated, and 
  encrypted twice by two different passphrases/keys - one 
  choosen by the user, one random generated - useful to write on 
  a piece of paper and hide behind the bookshelf.

(probably i should crosspost to debian-legal. the 
whole non-US issue has been left untouched)

what do YOU think?
shell debian be the first(?) privacy enhanced distro?


^* SAWFASP = searched archives without finding a similiar 

Reply to: