Re: root fs/crypted
it should also be possible to include basic network support
into the initrd to enable 'entering' a password remote.
we can't support all methods allowed by /etc/network/interfaces
(ppp/wvdial should be omitted..) but static/dhcp/bootp are
there authorization process could beneath reading /dev/console
also listen on an udp port.
local and remote station must share a secret(key) to allow secure
communication. a couple of one time pads for maximum security
would be the best.
i don't want to drive through the whole city because someone
accidentally unplugged my box :)
On Wed, May 30, 2001 at 03:01:17AM +0200, clemens wrote:
> as laws around the globe are forged to weak personal privacy,
> police knocking on one's door, because of portscanning a
> previously hacked website, and - i don't have to tell those
> of you, which are reading slashdot - as pretty strange things start
> to happend worldwide, i'm getting somewhat nervous about
> my data safety.
> what i'm aiming at, you might ask?
> debian should support a crypted rootfs right out
> of the box.
> i'll try to grasp within a few words, what's necessary to realize this:
> - the international kernel must be introduced as regular
> debian packages.
> - the boot disks needs to be modified (just do a losetup
> on some loopdev, and mount that one instead of the realrootdev)
> - of course, there must be an initrd to boot from,
> which accepts authentication information.
> (this ramdisk has to be placed unencrypted on
> the rootfs, so the kernel code has to be circumwented or
> the plain data has to be manually decrypted in usermode
> to be re-encrypted to the original plain data when flushed
> to disk.. easy for EBC mode crypto but harder to
> achieve for CBC mode - creative suggestions welcome)
> - there must be an alternative passphrase, since i nor
> any user will be willing to trust one forgetable phrase.
> (how many times have you forgotten your mobil phone pin?)
> suggestion: the actual key will be random generated, and
> encrypted twice by two different passphrases/keys - one
> choosen by the user, one random generated - useful to write on
> a piece of paper and hide behind the bookshelf.
> (probably i should crosspost to debian-legal. the
> whole non-US issue has been left untouched)
> what do YOU think?
> shell debian be the first(?) privacy enhanced distro?
> ^* SAWFASP = searched archives without finding a similiar