| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Ned Ludd wrote: |
| 5 |
|
| 6 |
| *) Needs to work for 2.4.x & 2.6.x |
| 7 |
| *) We would like them to have is an automated method of doing this from |
| 8 |
| the live-cd |
| 9 |
| *) Need Gentoo HOWTO / instructions written. |
| 10 |
| *) The storage medium should be abstracted. |
| 11 |
| usb, stick memory, floppy, cd, etc.. any of those should be able to |
| 12 |
| store the keys |
| 13 |
| *) Solution must pass public critique process. eg: win the approval of |
| 14 |
| this list. |
| 15 |
| *) Talk is cheap so show us the code. |
| 16 |
|
| 17 |
|
| 18 |
I agree that any solution that individuals have come up with is not very |
| 19 |
interesting until it is pacakged and tested so that many people can use it. |
| 20 |
|
| 21 |
Perhaps we need to re-set expectations a bit: although many have met |
| 22 |
with success with loop-AES, for example, the encrypted-root procedure |
| 23 |
that is automated by loop-AES has NEVER worked for me. |
| 24 |
|
| 25 |
~From the encrypted-disk thread on forums.gentoo.org, it is clear that |
| 26 |
many users are all too ready to trust any sort of documented procedure |
| 27 |
and are quite willing to Cuisinart their data without getting into |
| 28 |
encruypted-root in an incremental way. |
| 29 |
|
| 30 |
The reason you haven't seen more writted stuff from me on this is |
| 31 |
because I am trying to TEST this stuff before sharing it with others. |
| 32 |
Particularly for an ecrypted root system, this takes a bit of time. |
| 33 |
|
| 34 |
Mike has an initrd system that seems to work. I tried to test this last |
| 35 |
week but did not have spare time. I have to have about three hours of |
| 36 |
quiet time to test something like this in a useful (i.e. reproducable) way. |
| 37 |
|
| 38 |
So my talk will be cheap for quite some time, I expect. |
| 39 |
|
| 40 |
- - boyd |
| 41 |
|
| 42 |
-----BEGIN PGP SIGNATURE----- |
| 43 |
Version: GnuPG v1.2.2 (GNU/Linux) |
| 44 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 45 |
|
| 46 |
iD8DBQE/Sk1T0is8k1r0QeURAsh1AJ9Y8ABsTxbIyEKVDdKYbtV0xWAYggCfZoaX |
| 47 |
vhtvfGya3m63vS9UajMUbEA= |
| 48 |
=Zbon |
| 49 |
-----END PGP SIGNATURE----- |
| 50 |
|
| 51 |
|
| 52 |
-- |
| 53 |
gentoo-hardened@g.o mailing list |
Archives