Re: [Tails-dev] Promoting Persistence features
On 26/11/12 15:05, Marco Calamari wrote: On Mon, 2012-11-26 at 14:41 +0100, intrigeri wrote: 2) adding a change persistence password in Utility menu would be a probably cheap but really useful feature. Doesn't the GNOME Disk Utility allow to change the LUKS volume passphrase already? Perhaps what's needed is some documentation only? Err... the mandatory answer is yes but making this firsthands looks an useful interface characteristic, also to possibly give a warning about theoretical LUKS header persistence as Maxim pointed out in the previous message. A two liner script can do that OTOH this is the neverending issue about how much who write software need and want to protect the user form himself . Seeing that: - intrigeri is the main developer of the persistence wizard and didn't offer himself to add this feature - it needs to come along with a warning regarding Maxim's concern. I also think documentation is the way for it and created a ticket for that, see /todo/document_how_to_change_the_persistence_password. signature.asc Description: OpenPGP digital signature ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] Promoting Persistence features
Hi, Marco Calamari wrote (26 Nov 2012 13:03:41 GMT) : I bother again this list after considering the value of such a post. Sorry if my evaluation was bad ... This is totally welcome. Looked to me that in 0.14 the persistence mode worth more advocacy, so I dug a little more the new version and wrote an article for non technical user, that can be summarized as persistece is good, try it If curious, you can find it here http://punto-informatico.it/3654699/PI/Commenti/cassandra-crossing-tails-tutti.aspx I don't read Italian, but I'm very happy to see such an initiative. Thank you! 2) adding a change persistence password in Utility menu would be a probably cheap but really useful feature. Doesn't the GNOME Disk Utility allow to change the LUKS volume passphrase already? Perhaps what's needed is some documentation only? Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] Promoting Persistence features
On Mon, 2012-11-26 at 15:20 +0200, Maxim Kammerer wrote: On Mon, Nov 26, 2012 at 3:03 PM, Marco Calamari mar...@marcoc.it wrote: 2) adding a change persistence password in Utility menu would be a probably cheap but really useful feature. It would be a misleading feature, since due to wear leveling on solid state media, parts of old LUKS header may be recoverable. On the other hand, it's always possible to add a warning. Agreed, but this is not the only situation adversely affected to solid-state memories. LUKS header fits in a cluster and is normaly unchanged, so his remapping due to the wearing-leveller actions seems at least rare, if ever. And Carol will need to password-crack against all free blocks ... looks really an unreasonable scenario. OTOH having an unchangeable password from a security perspective is IMO simply unacceptable. A lot of user scenarios make this needed, forbid this oblige the user to copy the user area, wipe the media, reformat, reinstall the whole stuff if password is to be changed, and this can be needed for a lot of well-known reasons. We know how to do this from command line, but mr. AverageTailsUser IMO will not ... JM2C. Marco signature.asc Description: This is a digitally signed message part ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] Promoting Persistence features
On Mon, 2012-11-26 at 14:41 +0100, intrigeri wrote: 2) adding a change persistence password in Utility menu would be a probably cheap but really useful feature. Doesn't the GNOME Disk Utility allow to change the LUKS volume passphrase already? Perhaps what's needed is some documentation only? Err... the mandatory answer is yes but making this firsthands looks an useful interface characteristic, also to possibly give a warning about theoretical LUKS header persistence as Maxim pointed out in the previous message. A two liner script can do that OTOH this is the neverending issue about how much who write software need and want to protect the user form himself . Marco signature.asc Description: This is a digitally signed message part ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
