| 1 |
Is there any reason that these two types of setups (mikes, and what your |
| 2 |
working on) could no coexist? |
| 3 |
|
| 4 |
On Mon, 2003-08-25 at 13:54, Boyd Waters wrote: |
| 5 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 6 |
> Hash: SHA1 |
| 7 |
> |
| 8 |
> Ned Ludd wrote: |
| 9 |
> |
| 10 |
> | *) Needs to work for 2.4.x & 2.6.x |
| 11 |
> | *) We would like them to have is an automated method of doing this from |
| 12 |
> | the live-cd |
| 13 |
> | *) Need Gentoo HOWTO / instructions written. |
| 14 |
> | *) The storage medium should be abstracted. |
| 15 |
> | usb, stick memory, floppy, cd, etc.. any of those should be able to |
| 16 |
> | store the keys |
| 17 |
> | *) Solution must pass public critique process. eg: win the approval of |
| 18 |
> | this list. |
| 19 |
> | *) Talk is cheap so show us the code. |
| 20 |
> |
| 21 |
> |
| 22 |
> I agree that any solution that individuals have come up with is not very |
| 23 |
> interesting until it is pacakged and tested so that many people can use it. |
| 24 |
> |
| 25 |
> Perhaps we need to re-set expectations a bit: although many have met |
| 26 |
> with success with loop-AES, for example, the encrypted-root procedure |
| 27 |
> that is automated by loop-AES has NEVER worked for me. |
| 28 |
> |
| 29 |
> ~From the encrypted-disk thread on forums.gentoo.org, it is clear that |
| 30 |
> many users are all too ready to trust any sort of documented procedure |
| 31 |
> and are quite willing to Cuisinart their data without getting into |
| 32 |
> encruypted-root in an incremental way. |
| 33 |
> |
| 34 |
> The reason you haven't seen more writted stuff from me on this is |
| 35 |
> because I am trying to TEST this stuff before sharing it with others. |
| 36 |
> Particularly for an ecrypted root system, this takes a bit of time. |
| 37 |
> |
| 38 |
> Mike has an initrd system that seems to work. I tried to test this last |
| 39 |
> week but did not have spare time. I have to have about three hours of |
| 40 |
> quiet time to test something like this in a useful (i.e. reproducable) way. |
| 41 |
> |
| 42 |
> So my talk will be cheap for quite some time, I expect. |
| 43 |
> |
| 44 |
> - - boyd |
| 45 |
> |
| 46 |
> -----BEGIN PGP SIGNATURE----- |
| 47 |
> Version: GnuPG v1.2.2 (GNU/Linux) |
| 48 |
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 49 |
> |
| 50 |
> iD8DBQE/Sk1T0is8k1r0QeURAsh1AJ9Y8ABsTxbIyEKVDdKYbtV0xWAYggCfZoaX |
| 51 |
> vhtvfGya3m63vS9UajMUbEA= |
| 52 |
> =Zbon |
| 53 |
> -----END PGP SIGNATURE----- |
| 54 |
> |
| 55 |
> |
| 56 |
> -- |
| 57 |
> gentoo-hardened@g.o mailing list |
| 58 |
-- |
| 59 |
Ned Ludd <solar@g.o> |
| 60 |
Gentoo Linux Developer (Hardened) |
Archives