Re: disk encryption for remote server

2024-05-27 Thread Abel Abraham Camarillo Ojeda
I keep a /crypt noauto partition that I mount manually by passphrase via ssh after the server is booted. And don't keep 'sensitive' info in other partitions... On Mon, May 27, 2024 at 11:57 AM <04-psyche.tot...@icloud.com> wrote: > Thanks all for your thoughts. > > Regarding the remote serial

Re: disk encryption for remote server

2024-05-27 Thread 04-psyche . totter
Thanks all for your thoughts. Regarding the remote serial console access, unfortunately, it is not possible in my case. I do not have IPMI or something similar :( On Mon, 27 May 2024 at 08:17, Manuel Giraud < manuel_at_ledu-giraud_fr_rmp93abv53d47h_m6783...@icloud.com> wrote: > Stefan Kreutz

Re: disk encryption for remote server

2024-05-27 Thread Manuel Giraud
Stefan Kreutz writes: > Can you access the machine's serial console, maybe redirected over IP? I concur that a remote serial console access (maybe via a web interface serviced by your provider) is your best option here. I used to do (almost) FDE without console access but here is list of

Re: disk encryption for remote server

2024-05-27 Thread Ampie Niemand
On Sun, May 26, 2024 at 08:33:59PM +0100, 04-psyche.tot...@icloud.com wrote: Hi everyone, Is there any way to use disk encryption without having physical access to the device? You could use a USB keydisk (make sure you, and your assistant on the remote server, have copious backup(s

Re: disk encryption for remote server

2024-05-27 Thread Crystal Kolipe
On Sun, May 26, 2024 at 08:33:59PM +0100, 04-psyche.tot...@icloud.com wrote: > Is there any way to use disk encryption without having physical access to > the device? Yes, it is possible. But I think you are talking about full disk encryption and want to enter a passphrase at the boot

Re: disk encryption for remote server

2024-05-26 Thread Stefan Kreutz
Can you access the machine's serial console, maybe redirected over IP? On Sun, May 26, 2024 at 08:33:59PM GMT, 04-psyche.tot...@icloud.com wrote: > Hi everyone, > > Is there any way to use disk encryption without having physical access to the > device? > > A f

disk encryption for remote server

2024-05-26 Thread 04-psyche . totter
Hi everyone, Is there any way to use disk encryption without having physical access to the device? A few potential ideas: - is there a way to enter the encryption passphrase via ssh? - is there a way to create a non encrypted partition on the same hard drive, where the keydisk would be stored

Re: Fwd: Disk encryption cipher

2024-03-06 Thread Daniele B.
It's about private messages. Kirill A. Korinsky : > I wonder how did you blacklist someone by IP who sends his emails into > maillist? By parsing all Received headers to find some bad IP? Or?

Re: Fwd: Disk encryption cipher

2024-03-06 Thread Kirill A . Korinsky
On Wed, 06 Mar 2024 10:40:31 +0100, Daniele B. wrote: > > Initially I blacklisted his ip. Then, understood the music, I started to find > its approaching intriguing.. ;D > I wonder how did you blacklist someone by IP who sends his emails into maillist? By parsing all Received headers to find

Re: Fwd: Disk encryption cipher

2024-03-06 Thread Daniele B.
Admitting without psycho guys, heartbreak exchanges, NSA (at least) readers this mailing list is without pepper. However, sometimes also the OT of Jan are interesting. Initially I blacklisted his ip. Then, understood the music, I started to find its approaching intriguing.. ;D -Dan Mar 6,

Re: Fwd: Disk encryption cipher

2024-03-06 Thread Stuart Henderson
On 2024-03-06, ofthecentury wrote: > Who's this psycho Jan Stary telling people new to OpenBSD not to use > an appropriate public mailing list for legitimate questions? Sadly some list members are a bit intolerant of things which are perfectly valid topics for the list. > Stop polluting the list

Fwd: Disk encryption cipher

2024-03-06 Thread ofthecentury
Who's this psycho Jan Stary telling people new to OpenBSD not to use an appropriate public mailing list for legitimate questions? -- Forwarded message - From: Jan Stary Date: Wed, Mar 6, 2024 at 1:26 PM Subject: Re: Disk encryption cipher To: ofthecentury Stop polluting

Re: Disk encryption cipher

2024-03-05 Thread ofthecentury
Hi. I cannot find what cipher is used for full > > disk encryption on OpenBSD. I saw a mention > > of salting too, but really no specifics on what > > the encryption algorithm is. Is there somewhere > > I can read about it? And really, what is the cipher > > used? >

Re: Disk encryption cipher

2024-03-05 Thread Janne Johansson
Den ons 6 mars 2024 kl 07:17 skrev ofthecentury : > > Hi. I cannot find what cipher is used for full > disk encryption on OpenBSD. I saw a mention > of salting too, but really no specifics on what > the encryption algorithm is. Is there somewhere > I can read about it

Disk encryption cipher

2024-03-05 Thread ofthecentury
Hi. I cannot find what cipher is used for full disk encryption on OpenBSD. I saw a mention of salting too, but really no specifics on what the encryption algorithm is. Is there somewhere I can read about it? And really, what is the cipher used?

Re: host-to-host encryption with iked

2023-10-03 Thread Robert B. Carleton
Tobias Heider writes: > On October 3, 2023 2:30:54 PM GMT+02:00, "Robert B. Carleton" > wrote: >>Tobias Heider writes: >> >>> On October 3, 2023 1:32:39 AM GMT+02:00, "Robert B. Carleton" >>> wrote: >>>>I'm tryin

Re: host-to-host encryption with iked

2023-10-03 Thread Tobias Heider
On October 3, 2023 2:30:54 PM GMT+02:00, "Robert B. Carleton" wrote: >Tobias Heider writes: > >> On October 3, 2023 1:32:39 AM GMT+02:00, "Robert B. Carleton" >> wrote: >>>I'm trying to setup host-to-host encryption using iked with the

Re: host-to-host encryption with iked

2023-10-03 Thread Robert B. Carleton
Tobias Heider writes: > On October 3, 2023 1:32:39 AM GMT+02:00, "Robert B. Carleton" > wrote: >>I'm trying to setup host-to-host encryption using iked with the >>following configuration: >> >>On 10.2.2.10: >> >>ikev2 passive esp from 10.2

Re: host-to-host encryption with iked

2023-10-03 Thread Tobias Heider
On October 3, 2023 1:32:39 AM GMT+02:00, "Robert B. Carleton" wrote: >I'm trying to setup host-to-host encryption using iked with the >following configuration: > >On 10.2.2.10: > >ikev2 passive esp from 10.2.2.10 to 10.2.1.11 srcid 10.2.2.10 > >On 10.2.1.11:

host-to-host encryption with iked

2023-10-02 Thread Robert B. Carleton
I'm trying to setup host-to-host encryption using iked with the following configuration: On 10.2.2.10: ikev2 passive esp from 10.2.2.10 to 10.2.1.11 srcid 10.2.2.10 On 10.2.1.11: ikev2 active esp from 10.2.1.11 to 10.2.2.10 srcid 10.2.1.11 I exchanged the /etc/iked/local.pub files into /etc

autoinstall with full disk encryption

2023-09-14 Thread mipam
Hello, I was able to auto-install OpenBSD/amd64 except full disk encryption (FDE). Is FDE supported in autoinstall? Thanks much! Boj

Re: Asymmetric file encryption… use gnupg from ports or is there something else?

2023-05-10 Thread Stefan Sperling
On Wed, May 10, 2023 at 01:41:47PM +1000, Stuart Longland wrote: > delivery. I've certainly coaxed Taylor UUCP to work over SSH in the > past, and it does work just fine. Not sure if OpenBSD has a built-in > UUCP, but that is an option. It'd solve my immediate problem… but I > figure if they're

Re: Asymmetric file encryption… use gnupg from ports or is there something else?

2023-05-09 Thread Stuart Longland
; likely use a service like Gmail which means your communication is in > Google's hands; but unless you strictly enforce encryption in transit- > most MTAs only use _opportunistic_ encryption-every device your e-mail > traversed possibly has access to the content as well. This is why >

Re: Asymmetric file encryption… use gnupg from ports or is there something else?

2023-05-09 Thread Zack Newman
On 2023-05-09, Stuart Henderson wrote: Ed25519 is used for signing not encrypting. But Ed25519 keys can be converted and used for encryption; "age" has convenience support for doing this with Ed25519 ssh keys, and might generally be something that works for your use case. It's n

Re: Asymmetric file encryption… use gnupg from ports or is there something else?

2023-05-09 Thread Stuart Henderson
hat are part of the base system. > > I know OpenSSL (and likely LibreSSL) can do RSA for this purpose, > although its CLI is more of a debugging tool than an actual encryption > tool. to be fair, gpg's CLI seems more like a debugging tool too ;) >I'd also like to use ECC keys (

Re: Asymmetric file encryption… use gnupg from ports or is there something else?

2023-05-08 Thread Kastus Shchuka
On Tue, May 09, 2023 at 09:21:03AM +1000, Stuart Longland wrote: > Hi all, > > Silly question… is there a tool for encrypting files with asymmetric > keys on OpenBSD? I'm aware of GnuPG in ports, and I'm fine with using > that, however I'm curious to know what other options there are out >

Asymmetric file encryption… use gnupg from ports or is there something else?

2023-05-08 Thread Stuart Longland
(and likely LibreSSL) can do RSA for this purpose, although its CLI is more of a debugging tool than an actual encryption tool. I'd also like to use ECC keys (ideally ED25519) for future proofing, since RSA is getting quite long in the tooth now. The use case here is to make an encrypted inbound mail

Re: Reinstalling kernel with full disk encryption

2022-12-29 Thread Chris
: >On Wed, Dec 28, 2022 at 09:01:26PM +, Chris wrote: >> After that however, the bootloader no longer prompts me for the full disk >> encryption passphrase. Previously it was prompting me for the FDE passphrase >> before it tried to boot the broken kernel. > >I'm assuming

Re: Reinstalling kernel with full disk encryption

2022-12-29 Thread Crystal Kolipe
On Wed, Dec 28, 2022 at 09:01:26PM +, Chris wrote: > After that however, the bootloader no longer prompts me for the full disk > encryption passphrase. Previously it was prompting me for the FDE passphrase > before it tried to boot the broken kernel. I'm assuming that you only have

Reinstalling kernel with full disk encryption

2022-12-28 Thread Chris
into install72.img, decrypted the disk and copied over the 7.2 kernel from sets. The machine was running -current but I assume the 7.2 kernel would boot it as well. After that however, the bootloader no longer prompts me for the full disk encryption passphrase. Previously it was prompting me

Re: dual boot with full disk encryption for OpenBSD

2022-12-05 Thread Kevin Williams
On Mon, Dec 5, 2022, at 12:26 PM, Mare Dedeu wrote: > Hi, > > I recently had to fight with a thinkpad l13 gen 3 to install OpenBSD with > full disk encryption alongside with linux for blobs like zoom etc. I hope > somebody else can profit from the effort. It is trivial, I guess,

dual boot with full disk encryption for OpenBSD

2022-12-05 Thread Mare Dedeu
Hi, I recently had to fight with a thinkpad l13 gen 3 to install OpenBSD with full disk encryption alongside with linux for blobs like zoom etc. I hope somebody else can profit from the effort. It is trivial, I guess, but it might be helpful for someone. https://astro-gr.org/openbsd-full

Re: full disk encryption with keydisk

2021-12-30 Thread Stefan Sperling
On Wed, Dec 29, 2021 at 05:22:19PM -0500, openbsd-m...@pyr3x.com wrote: > Hello, > > I'm using full disk encryption via the softraid subsystem and bioctl with a > keydisk. I have a second drive that I'm backing up the root filesystem to > via ROOTBACKUP=1 and the proper fstab entry

bioctl -cC -l /dev/sd1a softraid0 for encryption two disks RAID1 mirrored

2020-10-19 Thread Martin
Hi misc, I'd like to have two encrypted 1TB disks in RAID 1 mirror mode (no hardware RAID installed). Is it possible to use bioctl for that purpose or do I need to use HW RAID and encrypt mirrored disks with bioctl -cC -l /dev/sd1a softraid0 ? Please advise. Martin

Re: bioctl -cC -l /dev/sd1a softraid0 for encryption two disks RAID1 mirrored

2020-10-19 Thread Erling Westenvik
On Mon, Oct 19, 2020 at 06:28:50PM +, Martin wrote: > I'd like to have two encrypted 1TB disks in RAID 1 mirror mode (no hardware > RAID installed). Is it possible to use bioctl for that purpose or do I need > to use HW RAID and encrypt mirrored disks with bioctl -cC -l /dev/sd1a >

Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-10 Thread info
What would you suggest to keep private key material in a safe place? There are rumors that even material stored as not extractable in Nitrokey Pro still can be extracted by side channels like electromagnetic emission. Would running all Internet communication end points on low powered Cortex A7

Full disk encryption FAQ update request

2020-05-09 Thread Sarah Newman
We had a VPS customer ask for help on full disk encryption, and since following the instructions on https://www.openbsd.org/faq/faq14.html#softraidFDE did not work with a serial console, we published a blog post on it: https://prgmr.com/blog/openbsd/2020/05/08/openbsd-encrypted-root.html I

Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-09 Thread Martin
Some time ago Google bought 2000qbit version from D-wave and confirmed it is a quantum computer bla bla bla... but cluster consists of eight qbit blocks to build advertised capacity if I understand googles papers right. My question was about decrypting currently generated and accumulated

Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-09 Thread Raul Miller
On Sat, May 9, 2020 at 1:05 PM Kevin Chadwick wrote: > Careful of what sources you trust! If a processor was storing the keys used, > non > volatile then people would have found out. Software encryption wouldn't save > you > either. If there is a back door it won't have anything

Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-09 Thread Kevin Chadwick
-NI hardware encryption, all encrypted packets ingoing, outgoing - then > automatically contain that U.S. government backdoor! Careful of what sources you trust! If a processor was storing the keys used, non volatile then people would have found out. Software encryption wouldn't

Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-09 Thread info
encryption, all encrypted packets ingoing, outgoing - then automatically contain that U.S. government backdoor!

Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-09 Thread Kevin Chadwick
On 2020-05-09 14:34, i...@aulix.com wrote: > D-waves has too uncoupled qubits if I understand it correctly, it is nothing > to do about qubits quantity as we used to think about it. Like a "cluster" of > completely isolated hosts (which is already not a cluster of course). I don't care for the

Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-09 Thread Kevin Chadwick
On 2020-05-09 14:31, i...@aulix.com wrote: > guessed by quantum provided session symmetric cipher is strong enough? Quantum does not break any in use today and AES-256 symmetric is expected to be quantum resistant in any case. I personally prefer AES-256 ctr over the more complex GCM. I am not

Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-09 Thread info
D-waves has too uncoupled qubits if I understand it correctly, it is nothing to do about qubits quantity as we used to think about it. Like a "cluster" of completely isolated hosts (which is already not a cluster of course).

Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-09 Thread info
OpenSSH allows to use hybrid mode with many private keys of different type and even stored on different hardware like Nitrokey, Rutoken, etc. at the same time for a single session. E.g. 4 different private keys are required (say Nitrokey, Rutoken ECP2, Curve25519 and Postquantum one):

Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-09 Thread Martin
. In 2016 Google tested some encryption sub-layer in Chrome browser to test quantum resistant encryption algo. According to current online data collecting practices, after six years most of 'old' algorithms will be possible to decrypt directly from storage by 'modern' quantum computers. Martin

Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-09 Thread Kevin Chadwick
On 2020-05-09 07:41, Martin wrote: > This one > https://www.tomshardware.com/news/d-wave-5000-qubit-first-sale,40470.html > is the most powerful 5000qbits quantum computer sells nowadays. D-waves definition of qubit is different and their machines will never be capable of breaking public key

Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-09 Thread Kevin Chadwick
ecial' tasks which can be accelerated using quantum architecture. > > In 2016 Google tested some encryption sub-layer in Chrome browser to test > quantum resistant encryption algo. > > According to current online data collecting practices, after six years most > of 'old'

Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-09 Thread Aisha Tammy
On 5/8/20 3:16 PM, Martin wrote: > Which 'quantum' resistant algorithms can be used right now to prevent data > decryption in future by 'quantum' computers (when they can do this) of > currently collected data flows? this is so dumb. worry about this when there are computers which can

Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-09 Thread info
According to Damien Miller: >this is pretty much possible now, by enabling the experimental support for the XMSS PQ signature algorithm in the SSH

Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-09 Thread info
https://www.technologyreview.com/2018/02/21/145300/serious-quantum-computers-are-finally-here-what-are-we-going-to-do-with-them/ https://www.microsoft.com/en-us/research/project/post-quantum-ssh/ https://openquantumsafe.org/ Why not to add post quantum algos to the SSH mainline to make them

'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to chose

2020-05-08 Thread Martin
Which 'quantum' resistant algorithms can be used right now to prevent data decryption in future by 'quantum' computers (when they can do this) of currently collected data flows? Martin

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-18 Thread Frank Beuth
On Tue, Feb 18, 2020 at 08:05:29AM +0100, Paul de Weerd wrote: On Tue, Feb 18, 2020 at 05:12:25AM +, Frank Beuth wrote: | Yes, it's a cool way to combine things to get unexpected functionality. | I haven't dug into the bootloader much... is there a reasonably easy way | to get the

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-18 Thread Julius Zint
> Are there any downsides though? For example, would resume from > hibernation still work for such a setup? It should work with hibernation without any problems, but I did not test this extensively. > > More so, for the less knowledgeable of us, how does this relate to > UEFI's "Secure

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-18 Thread Eric Furman
Make sure no one has physical access to your machine! EVER. Lock it away. That way no 'Evil Maid' or anyone else can access it! This is not hard. Why is this a thing? If someone has physical access to your box then it is Game Over! All of these fantasy efforts are BS. Physically secure your

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-18 Thread Dumitru Moldovan
On Mon, Feb 17, 2020 at 04:09:57PM +0100, Julius Zint wrote: I'm not really in a position to reflash my machine but I would still be curious for details. There is no need to reflash your firmware if the system has an integrated and supported TPM 1.2 chip. The prototype uses a Static Root of

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Paul de Weerd
On Tue, Feb 18, 2020 at 05:12:25AM +, Frank Beuth wrote: | Yes, it's a cool way to combine things to get unexpected functionality. | I haven't dug into the bootloader much... is there a reasonably easy way | to get the USB-stick-bootloader to boot the hard drive partition by | default? Best

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Frank Beuth
On Mon, Feb 17, 2020 at 06:44:25PM +0100, Paul de Weerd wrote: On Mon, Feb 17, 2020 at 01:35:38PM +, Frank Beuth wrote: | > | This way the evil maid would have nothing to tamper with. | > | > Note that with this approach, a default OpenBSD install to your | > machine will still install a

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Frank Beuth
chance that the early boot components are unchanged. Some feedback from the OpenBSD community on this would also be appreciated. Are there enough people interested in a Trusted Boot with OpenBSD? That's amazing if you can get it to work without reflashing. Are you then sealing the disk encryption

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Paul de Weerd
On Mon, Feb 17, 2020 at 01:35:38PM +, Frank Beuth wrote: | > | This way the evil maid would have nothing to tamper with. | > | > Note that with this approach, a default OpenBSD install to your | > machine will still install a bootloader on the physical disk inside | > your machine. It's then

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Jan Betlach
I’m interested as well. Jan On 17 Feb 2020, at 17:10, Kevin Chadwick wrote: On 2020-02-17 15:09, Julius Zint wrote: Some feedback from the OpenBSD community on this would also be appreciated. Are there enough people interested in a Trusted Boot with OpenBSD? I'm interested

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Kevin Chadwick
On 2020-02-17 15:09, Julius Zint wrote: > Some feedback from the OpenBSD community on this would also be appreciated. > Are there > enough people interested in a Trusted Boot with OpenBSD? I'm interested

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Julius Zint
> I'm not really in a position to reflash my machine but I would still be > curious for details. There is no need to reflash your firmware if the system has an integrated and supported TPM 1.2 chip. The prototype uses a Static Root of Trust for Measurement (SRTM) approach where the Chain of

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Frank Beuth
On Mon, Feb 17, 2020 at 11:56:24AM +0100, Paul de Weerd wrote: But you can already do this. If your machine supports booting from USB, you can do a minimal install to a USB stick (using FDE, if you want). Now you have a portable OpenBSD environment you can boot on any system capable of booting

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Frank Beuth
On Mon, Feb 17, 2020 at 11:13:27AM +0100, Julius Zint wrote: I recently finished my masterthesis that solves this problem by including the Trusted Platform Module (TPM) in the bootprocess of OpenBSD. It extends the Chain of Trust up to boot(8) and allows you to seal a secret of your choice to

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Fabio Martins
>>> How do you do this on OpenBSD? >>@frank: https://www.openbsd.org/faq/faq14.html#softraidFDEkeydisk > > That's telling me how to use a keydisk -- how to put the softraid FDE > encryption key material on a USB disk. > > If an evil maid came by and got access t

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Paul de Weerd
On Mon, Feb 17, 2020 at 08:50:14AM +, Frank Beuth wrote: | > > How do you do this on OpenBSD? | > @frank: https://www.openbsd.org/faq/faq14.html#softraidFDEkeydisk | | That's telling me how to use a keydisk -- how to put the softraid FDE | encryption key material on a

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Julius Zint
> > If an evil maid came by and got access to my machine, they would still > be able to tamper with the bootloader code to harvest the FDE password > when I returned. > > I want to put the whole bootloader (including the code used to decrypt > the softraid-FDE-encrypted

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Frank Beuth
for crypto payload/keys. > How do you do this on OpenBSD? @frank: https://www.openbsd.org/faq/faq14.html#softraidFDEkeydisk That's telling me how to use a keydisk -- how to put the softraid FDE encryption key material on a USB disk. If an evil maid came by and got access to my machine, they wo

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-15 Thread no@s...@mgedv.net
> >depends what you want to achieve, but my recommendation is booting from > USB > >and mount encrypted root from the HDD. > >you can safely remove the usb key after root mount and all your configs/etc > >files are used from the encrypted storage. > >this ensures 2 things: bootloader + kernel on

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-14 Thread Frank Beuth
On Thu, Feb 13, 2020 at 01:31:43PM +0100, no@s...@mgedv.net wrote: depends what you want to achieve, but my recommendation is booting from USB and mount encrypted root from the HDD. you can safely remove the usb key after root mount and all your configs/etc files are used from the encrypted

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-14 Thread Sebastian Benoit
no@s...@mgedv.net(nos...@mgedv.net) on 2020.02.13 13:31:43 +0100: > > > On Linux you can do the following: > > > { [1MB unencrypted GRUB bootloader partition] [Rest of hard drive > entirely encrypted] } > ... which i would consider to be as insecure, as unencrypted root at all. ... which totally

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-13 Thread no@s...@mgedv.net
> > On Linux you can do the following: > > { [1MB unencrypted GRUB bootloader partition] [Rest of hard drive entirely encrypted] } ... which i would consider to be as insecure, as unencrypted root at all. maybe check out https://wiki.osdev.org, they have nice articles on this. IMHO a secure boot

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-13 Thread chohag
cipher-hea...@riseup.net writes: > > On Linux you can do the following: > > Hard drive: > { [1MB unencrypted GRUB bootloader partition] [Rest of hard drive entirely > encrypted] } > > Then the only parts of the (x64) computer that are unencrypted are the BIOS > and GRUB. This is how it already

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-13 Thread Otto Moerbeek
On Thu, Feb 13, 2020 at 10:31:30AM +, cipher-hea...@riseup.net wrote: > > On Linux you can do the following: > > Hard drive: > { [1MB unencrypted GRUB bootloader partition] [Rest of hard drive entirely > encrypted] } > > Then the only parts of the (x64) computer that are unencrypted are

Full disk encryption including /boot, excluding bootloader?

2020-02-13 Thread cipher-hearts
On Linux you can do the following: Hard drive: { [1MB unencrypted GRUB bootloader partition] [Rest of hard drive entirely encrypted] } Then the only parts of the (x64) computer that are unencrypted are the BIOS and GRUB. You can then move the GRUB offline if you wish, execute it externally.

Re: Request for recommendation - encryption and signature for file backup

2020-01-05 Thread Philippe Meunier
Aham Brahmasmi wrote: >If I am not wrong, the verification should fail. If you have a system that uses private / public signing keys then, yes, you're correct. But: 1) In my opinion it's probably overkill for just doing backups. As I said in my previous email, just using symmetric encrypt

Re: Request for recommendation - encryption and signature for file backup

2020-01-04 Thread Roderick
On Sat, 4 Jan 2020, Philippe Meunier wrote: > Roderick wrote: > >I do use openssl for encrypting files in my laptop. > > So do I. I only encrypt the 0.001% of files that are really important and > then those files are encrypted on my computer too, not just on the backup > system [...] I have

Re: Request for recommendation - encryption and signature for file backup

2020-01-04 Thread Aham Brahmasmi
Namaste Philippe, Merci beaucoup for your reply. > Sent: Saturday, January 04, 2020 at 3:54 PM > From: "Philippe Meunier" > To: "Aham Brahmasmi" > Cc: misc@openbsd.org, Roderick > Subject: Re: Request for recommendation - encryption and signature for file

Re: Request for recommendation - encryption and signature for file backup

2020-01-04 Thread Philippe Meunier
fication step is useless: if someone can change an encrypted file on your backup system then they can change the corresponding signature file on the same backup system too. If you use (symmetric) encryption then there is probably no need for a signature in your simple use case anyway: if the en

Re: Request for recommendation - encryption and signature for file backup

2020-01-03 Thread Aham Brahmasmi
Namaste Rodrigo, Thank you for your reply. > Sent: Friday, January 03, 2020 at 5:43 PM > From: "Roderick" > To: "Aham Brahmasmi" > Cc: misc@openbsd.org > Subject: Re: Request for recommendation - encryption and signature for file > backup > >

Re: Request for recommendation - encryption and signature for file backup

2020-01-03 Thread Roderick
> If Step 2 exits with success, > Step 3 - use file to restore > > For the tools to encrypt and sign, I think I may use the following: > > For encryption: encpipe > encpipe (https://github.com/jedisct1/encpipe) is ISC licenced, written > in C by Monsieur Denis and seems simple. If there

Re: Request for recommendation - encryption and signature for file backup

2020-01-03 Thread Aham Brahmasmi
Hallo Claus, Danke for your reply. > Sent: Thursday, January 02, 2020 at 6:38 PM > From: "Claus Assmann" > To: misc@openbsd.org > Subject: Re: Request for recommendation - encryption and signature for file > backup > > Maybe duplicity? It's available as pack

Re: Request for recommendation - encryption and signature for file backup

2020-01-02 Thread Claus Assmann
Maybe duplicity? It's available as package (not sure whether it does signing). -- Address is valid for this mailing list only.

Request for recommendation - encryption and signature for file backup

2020-01-02 Thread Aham Brahmasmi
to restore For the tools to encrypt and sign, I think I may use the following: For encryption: encpipe encpipe (https://github.com/jedisct1/encpipe) is ISC licenced, written in C by Monsieur Denis and seems simple. If there is one thing that I know - and I admit I don't know much - all things being

Re: Full Disk Encryption and (U)pgrade via snapshot installer?

2019-07-04 Thread Chris Humphries
19 at 02:02:39AM +, Chris Humphries wrote: > > Hello, > > > > I have full disk encryption active on my machine. I would like to > > follow -current, and the FAQ[1] said to grab an install image for a > > snapshot and (U)pgrade. > > > > The problem i

Re: Full Disk Encryption and (U)pgrade via snapshot installer?

2019-07-04 Thread Maksym Sheremet
In -current you should create sd0 manually. # cd /dev && sh MAKEDEV sd0 And then use bioctl as usual. On Thu, Jul 04, 2019 at 02:02:39AM +, Chris Humphries wrote: > Hello, > > I have full disk encryption active on my machine. I would like to > follow -current, and the

Re: Full Disk Encryption and (U)pgrade via snapshot installer?

2019-07-03 Thread Zack Lofgren
>> On Thu, Jul 04, 2019 at 02:02:39AM +, Chris Humphries wrote: >> Hello, >> >> I have full disk encryption active on my machine. I would like to >> follow -current, and the FAQ[1] said to grab an install image for a >> snapshot and (U)pgrade. >> >

Re: Full Disk Encryption and (U)pgrade via snapshot installer?

2019-07-03 Thread Chris Humphries
> I have full disk encryption active on my machine. I would like to > follow -current, and the FAQ[1] said to grab an install image for a > snapshot and (U)pgrade. > > The problem is, I'm not sure how to manually get my FDE disk live via > shell from the installer. > > I t

Full Disk Encryption and (U)pgrade via snapshot installer?

2019-07-03 Thread Chris Humphries
Hello, I have full disk encryption active on my machine. I would like to follow -current, and the FAQ[1] said to grab an install image for a snapshot and (U)pgrade. The problem is, I'm not sure how to manually get my FDE disk live via shell from the installer. I tried doing disklabel on likely

Re: OT: Firmware encryption hacked?

2018-09-17 Thread Carlos Lopez
Many thanks to all for your explanations, as always. Regards, C. L. Martinez From: owner-m...@openbsd.org on behalf of Kevin Chadwick Sent: 13 September 2018 17:39 To: misc@openbsd.org Subject: Re: OT: Firmware encryption hacked? On Thu, 13 Sep 2018 10

Re: OT: Firmware encryption hacked?

2018-09-13 Thread Kevin Chadwick
f-secure.com/cold-boot-attacks/ > > The vulnerability seems to be when a computer is running or "sleeping" > not actually off or hibernating. There are then ways that an attacker > with physical access might recover encryption keys or other data from > RAM. Old news. Also, cold boo

Re: OT: Firmware encryption hacked?

2018-09-13 Thread Allan Streib
mputer is running or "sleeping" not actually off or hibernating. There are then ways that an attacker with physical access might recover encryption keys or other data from RAM.

OT: Firmware encryption hacked?

2018-09-13 Thread Carlos Lopez
Uhmm … Reality? https://techcrunch.com/2018/09/12/security-flaw-in-nearly-all-modern-pcs-and-macs-leaks-encrypted-data/?guccounter=1 Can we consider a risk to encrypt at OS level also?

Re: NSA encryption algorithms in Linux kernel, OpenBSD too?

2018-08-07 Thread Bryan Harris
> On Aug 7, 2018, at 7:15 AM, Kevin Chadwick wrote: > > On Mon, 6 Aug 2018 15:52:11 -0500 > It may be more likely that some zealous chrome devs > decided https everywhere was utterly important and so misleading > messages were the order of the day. For some reason I thought https

Re: NSA encryption algorithms in Linux kernel, OpenBSD too?

2018-08-07 Thread Kevin Chadwick
OS. > > https://itsfoss.com/nsas-encryption-algorithm-in-linux-kernel-is-creating-unease-in-the-community/ I wouldn't be too concerned in any case. It is not like OpenBSD devs are likely to switch out AES-NI support from the filesystem encryption. Rarely is well implemented encryption the w

NSA encryption algorithms in Linux kernel, OpenBSD too?

2018-08-06 Thread Edward Lopez-Acosta
I imagine the answer is this is not implemented or going to be but saw this article and figured I would ask. Seems suspect to not release all details, and have it rejected by ISO but yet still being put in both the kernel and Android OS. https://itsfoss.com/nsas-encryption-algorithm-in-linux

Encryption of two disks on the same host

2018-08-05 Thread Thomas Levine
I want to use full disk encryption on all of the disks of a host (two hosts). They can have the same password. How should I do this? 1. A method that I know will work is to make separate CRYPTO discipline softraid devices for each disk, install on one of them; and configure and mount the other

Re: How can I mount a HDD with full encryption on another system?

2018-08-03 Thread tfrohw...@fastmail.com
It should work as otherwise outlined in the FAQ. The softraid partition is marked as RAID when you check with disklabel. Let's say that partition is sd2a. In that case run # bioctl -c C -l /dev/sd2a softraid0 It will ask you for the encryption password and then tell you what device

Re: How can I mount a HDD with full encryption on another system?

2018-08-02 Thread Erling Westenvik
On Fri, Aug 03, 2018 at 12:06:41AM +0200, Felix Maschek wrote: > I've used a full encrypted HDD (created as described in the OpenBSD FAQ) on > a broken system and want to backup some data from it. > I've assembled this HDD into an external USB case and want to mount the HDD > on another system.
