Hola, trozo de madera...
> I think what you mean is to encrypt a "file system", e.g. /dev/sd0j,
> say. (just a question of terminology). The thing made with "newfs".
> Not the thing made with "fdisk".
another problem, I realise now, is that the partition must have
exactly the same size as the file... this is a pain, because I'd have
to modify the script everytime
>
> Sounds like CERN ;-)
you're geographically close indeed, but not
> > the file itself, which is nice but it'd take some 1-2 hours to encrypt
> > everything and then I would just forget about backup (you know, the
>
> Also your long encrypt time interests me. I think it's way too
> long, unless you are in need of some sort of long-term
> military-government-criminal (three near synonyms) grade of encryption.
Woodchuck, I am really starting to appreciate you a lot. Thanks for
the comment (not joking here)
As for the algorithm (this is what you ask for, right?) here you are it:
mcrypt -a rijndael-256
:) I guess this fits your long adjective
Yes, I could reduce the grade but... I am paranoid!! AREN'T YOU??
> I think mcrypt using a fast stream cipher may be adequate. Compared
> to the time for zipping, it should be almost negligible.
with that algorithm is totally the other way round... gzipping is a kid's play
>
> I've never fussed around with vnconfig, but am willing to give it
> a try tonight.
look forward to your Chinese comments
>
> Is the USB disk a "flash" ("thumb") drive or the kind that spins
> around? How fast is the laptop?
it spins, it's a heavy hard disk, some 250GB and the laptop: 1.2Ghz and 1GB RAM
>
> Notes on vnconfig... the "K" option is poorly documented.
> The minimum numbre of passes is 1000, and the salt file needs
> to be 128bytes. You can let it create a salt file by giving
> it the name of a file that does not exist. It will fill it with
> (pseudo?) randomness. Keep the salt file handy.
I am really ruling out vnconfig... too many caveats
> directory is always bad, some kind of security risk. Configuration
> directories are bad enough.
that's why I have a /home/pau/config_files and all my .rc pointing to
it: E.g. in .zshrc
source ~pau/config_files/zsh/zsrc
so that I don't "forget" anything when I leave a system. In my config
files you can find a lot of things. config_files is of course
protected but I can't do anything against root, of course. I think I
must cope with that.
> Show the admin how to properly wipe a disk.
> (dd if=/dev/zero of=/dev/rsdxxx) is probably enough for casual use.)
The admin and myself... give me a breath, I am reading the absolute
but need a while to catch up!
Still not "paranoiacly" bad for a GNU/Linux user, right?
Pau
_______________________________________________
Openbsd-newbies mailing list
[email protected]
http://mailman.theapt.org/listinfo/openbsd-newbies
