Ned Ludd wrote:

| *) Needs to work for 2.4.x & 2.6.x
| *) We would like them to have is an automated method of doing this from
| the live-cd
| *) Need Gentoo HOWTO / instructions written.
| *) The storage medium should be abstracted.
| usb, stick memory, floppy, cd, etc. any of those should be able to
| store the keys
| *) Solution must pass public critique process. e.g. win the approval of
| this list.
| *) Talk is cheap so show us the code.

I agree that any solution that individuals have come up with is not very
interesting until it is packaged and tested so that many people can use it.

Perhaps we need to re-set expectations a bit: although many have met
with success with loop-AES, for example, the encrypted-root procedure
that is automated by loop-AES has NEVER worked for me.

From the encrypted-disk thread on forums.gentoo.org, it is clear that
many users are all too ready to trust any sort of documented procedure
and are quite willing to Cuisinart their data without getting into
encrypted-root in an incremental way.

The reason you haven't seen more written stuff from me on this is
because I am trying to TEST this stuff before sharing it with others.
Particularly for an encrypted root system, this takes a bit of time.

Mike has an initrd system that seems to work. I tried to test this last
week but did not have spare time. I have to have about three hours of
quiet time to test something like this in a useful (i.e. reproducible) way.

So my talk will be cheap for quite some time, I expect.

- boyd

--
gentoo-hardened@g.o mailing list