[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: root fs/crypted

I like this. Would it be difficult to modify Debian, so that
upon install, it creates an encrypted root volume and starts
things off the right way?

-----Original Message-----
From: clemens <therapy@endorphin.org>
To: debian-security@lists.debian.org <debian-security@lists.debian.org>
Date: Tuesday, May 29, 2001 6:04 PM
Subject: root fs/crypted

>as laws around the globe are forged to weak personal privacy,
>police knocking on one's door, because of portscanning a
>previously hacked website, and - i don't have to tell those
>of you, which are reading slashdot - as pretty strange things start
>to happend worldwide, i'm getting somewhat nervous about
>my data safety.
>what i'm aiming at, you might ask?
>debian should support a crypted rootfs right out
>of the box.
>i'll try to grasp within a few words, what's necessary to realize this:
>- the international kernel must be introduced as regular
>  debian packages.
>- the boot disks needs to be modified (just do a losetup
>  on some loopdev, and mount that one instead of the realrootdev)
>- of course, there must be an initrd to boot from,
>  which accepts authentication information.
>  (this ramdisk has to be placed unencrypted on
>   the rootfs, so the kernel code has to be circumwented or
>   the plain data has to be manually decrypted in usermode
>   to be re-encrypted to the original plain data when flushed
>   to disk.. easy for EBC mode crypto but harder to
>   achieve for CBC mode - creative suggestions welcome)
>- there must be an alternative passphrase, since i nor
>  any user will be willing to trust one forgetable phrase.
>  (how many times have you forgotten your mobil phone pin?)
>  suggestion: the actual key will be random generated, and
>  encrypted twice by two different passphrases/keys - one
>  choosen by the user, one random generated - useful to write on
>  a piece of paper and hide behind the bookshelf.
>(probably i should crosspost to debian-legal. the
>whole non-US issue has been left untouched)
>what do YOU think?
>shell debian be the first(?) privacy enhanced distro?
>^* SAWFASP = searched archives without finding a similiar
>To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact

Reply to: