I like this. Would it be difficult to modify Debian, so that upon install, it creates an encrypted root volume and starts things off the right way?
-----Original Message-----
From: clemens <[EMAIL PROTECTED]>
To: debian-security@lists.debian.org <debian-security@lists.debian.org>
Date: Tuesday, May 29, 2001 6:04 PM
Subject: root fs/crypted

>
>SAWFASP^*
>
>as laws around the globe are forged to weaken personal privacy,
>police knocking on one's door, because of portscanning a
>previously hacked website, and - i don't have to tell those
>of you, who are reading slashdot - as pretty strange things start
>to happen worldwide, i'm getting somewhat nervous about
>my data safety.
>
>what i'm aiming at, you might ask?
>debian should support a crypted rootfs right out
>of the box.
>
>i'll try to grasp within a few words, what's necessary to realize this:
>
>- the international kernel must be introduced as regular
>  debian packages.
>- the boot disks need to be modified (just do a losetup
>  on some loopdev, and mount that one instead of the realrootdev)
>- of course, there must be an initrd to boot from,
>  which accepts authentication information.
>  (this ramdisk has to be placed unencrypted on
>  the rootfs, so the kernel code has to be circumvented or
>  the plain data has to be manually decrypted in usermode
>  to be re-encrypted to the original plain data when flushed
>  to disk.. easy for ECB mode crypto but harder to
>  achieve for CBC mode - creative suggestions welcome)
>- there must be an alternative passphrase, since neither i nor
>  any user will be willing to trust one forgettable phrase.
>  (how many times have you forgotten your mobile phone pin?)
>  suggestion: the actual key will be randomly generated, and
>  encrypted twice by two different passphrases/keys - one
>  chosen by the user, one randomly generated - useful to write on
>  a piece of paper and hide behind the bookshelf.
>
>(probably i should crosspost to debian-legal. the
>whole non-US issue has been left untouched)
>
>what do YOU think?
>shall debian be the first(?) privacy enhanced distro?
>
>clemens
>
>^* SAWFASP = searched archives without finding a similar
>posting