Re: Creating a encrypted directory during the server installation

2008-09-24 Thread Kienan Stewart
Good idea, but if I followed the conversation here correctly, the desire was
to minimize the number of windows required for the user to pass through
during the installation. Having a window where the user has to do something
that, in essence, seems really really random probably isn't the best thing to
put in the installer. Would it be possible to delay key generation until the
system uptime has reached a certain time or the user specifically requests
the key to be generated (in which case they can get to hammer on their
keyboard)?


>
> On Wed, Sep 24, 2008 at 9:37 PM, Michael Casadevall <
> [EMAIL PROTECTED]> wrote:
>
>> I've done some work implementing /dev/random in GNU Hurd (yes, yes, I
>> know :-P). Static bootups are fairly constant, i.e., poor source of
>> entropy, so that is a major problem. However, it might be possible to
>> have the user provide or generate entropy (maybe a friendly message
>> such as "Ubuntu needs to generate entropy to encrypt your files,
>> please bang on the keyboard like a monkey"), or the ability to provide
>> a private key from another source like a USB key or something.
>> Michael
>>
>> On Wed, Sep 24, 2008 at 11:28 PM, Kienan Stewart
>> <[EMAIL PROTECTED]> wrote:
>> > Hi
>> >
>> > I was looking at the Wikipedia article on /dev/random and /dev/urandom,
>> > having previously not used them. The article linked to a paper that analyzed
>> > the cryptographic procedures of the /dev/random and /dev/urandom in Linux.
>> > The main thing that I took out of the paper and the Wikipedia article was that
>> > there was a small concern about the lack of entropy available in /dev/random
>> > during installs and on livecds. If the key is generated right after a
>> > reboot, it may not be sufficiently random. I'm not sure, but this could be
>> > a thing to consider if keys are going to be generated early in the install
>> > procedure. Would anyone else consider this a concern?
>> >
>> > P.S. Sorry if I sent this to someone twice, gmail only replies to the last
>> > writer and not the list. My apologies.
>> >>
>> >> On Tue, Sep 23, 2008 at 3:48 PM, Onno Benschop <[EMAIL PROTECTED]> wrote:
>> >>>
>> >>> On 24/09/08 01:43, Dustin Kirkland wrote:
>> >>> > That said, let me throw out another perhaps more controversial
>> >>> > option...  What if we didn't ask, and we just provided ~/Private
>> >>> > encrypted by default?  If unspecified, the mount passphrase is
>> >>> > randomly generated from 128 bits of /dev/urandom.  We can do that
>> >>> > completely entirely and reliably without adding a screen to the
>> >>> > installer, and provide the system administrator user a secure,
>> >>> > encrypted location to drop critical data by default on any Ubuntu
>> >>> > Server
>> >>> When I saw the previous posts come past I wondered if this wasn't a
>> >>> better option. Leading by example.
>> >>>
>> >>> I'm not familiar with how it's created, but could it be "built-in" as
>> >>> you suggest and be created when an account is made as part of the
>> >>> adduser process?
>> >>>
>> >>> Could the (initial) pass-phrase be the user's login password?
>> >>>
>> >>>
>> >>> --
>> >>> Onno Benschop
>> >>>
>> >>> Connected via Optus B3 at S31°54'06" - E115°50'39" (Yokine, WA)
>> >>> --
>> >>> ()/)/)()..ASCII for Onno..
>> >>> |>>?..EBCDIC for Onno..
>> >>> --- -. -. ---   ..Morse for Onno..
>> >>>
>> >>> ITmaze   -   ABN: 56 178 057 063   -  ph: 04 1219    -
>> >>> [EMAIL PROTECTED]
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> ubuntu-server mailing list
>> >>> ubuntu-server@lists.ubuntu.com
>> >>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>> >>> More info: https://wiki.ubuntu.com/ServerTeam
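
Added example (not part of the thread and not Ubuntu installer code): one way to implement the delay proposed above, generating the 128-bit passphrase from /dev/urandom only once uptime and the kernel's entropy estimate pass thresholds. The function names, the thresholds and the overridable file paths are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are overridable so the logic can
# be exercised against constructed files; thresholds are assumed values.
UPTIME_FILE=${UPTIME_FILE:-/proc/uptime}
ENTROPY_FILE=${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}
MIN_UPTIME=${MIN_UPTIME:-120}    # seconds since boot (assumption)
MIN_ENTROPY=${MIN_ENTROPY:-128}  # bits, matching the 128-bit passphrase

# Exit 0 when uptime and the kernel's entropy estimate both meet the
# thresholds, 1 when not yet, 2 when the values cannot be read or parsed.
ready_for_keygen() {
    [ -r "$UPTIME_FILE" ] && [ -r "$ENTROPY_FILE" ] || return 2
    up=$(cut -d. -f1 "$UPTIME_FILE")   # "8123.45 7000.10" -> 8123
    ent=$(cat "$ENTROPY_FILE")
    case "$up" in ''|*[!0-9]*) return 2 ;; esac
    case "$ent" in ''|*[!0-9]*) return 2 ;; esac
    [ "$up" -ge "$MIN_UPTIME" ] && [ "$ent" -ge "$MIN_ENTROPY" ]
}

# 128 bits from /dev/urandom, printed as 32 lowercase hex characters.
gen_passphrase() {
    od -An -tx1 -N16 /dev/urandom | tr -d ' \n'
}

# Poll once per second for at most $1 seconds, then print the passphrase.
# Returns 1 on timeout and 2 when readiness cannot be determined, so the
# caller can fall back to asking the user instead of generating early.
generate_when_ready() {
    waited=0
    while :; do
        rc=0; ready_for_keygen || rc=$?
        [ "$rc" -eq 0 ] && break
        [ "$rc" -eq 2 ] && return 2
        [ "$waited" -ge "$1" ] && return 1
        sleep 1; waited=$((waited + 1))
    done
    gen_passphrase
}
```

On current kernels, getrandom(2) without GRND_NONBLOCK blocks until the pool has been initialised, which covers the same early-boot case.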

Re: Creating a encrypted directory during the server installation

2008-09-24 Thread Kienan Stewart
Hi

I was looking at the Wikipedia article on /dev/random and /dev/urandom,
having previously not used them. The article linked to a paper that analyzed
the cryptographic procedures of the /dev/random and /dev/urandom in Linux.
The main thing that I took out of the paper and the Wikipedia article was that
there was a small concern about the lack of entropy available in /dev/random
during installs and on livecds. If the key is generated right after a
reboot, it may not be sufficiently random. I'm not sure, but this could be
a thing to consider if keys are going to be generated early in the install
procedure. Would anyone else consider this a concern?

P.S. Sorry if I sent this to someone twice, gmail only replies to the last
writer and not the list. My apologies.

>
> On Tue, Sep 23, 2008 at 3:48 PM, Onno Benschop <[EMAIL PROTECTED]> wrote:
>
>> On 24/09/08 01:43, Dustin Kirkland wrote:
>> > That said, let me throw out another perhaps more controversial
>> > option...  What if we didn't ask, and we just provided ~/Private
>> > encrypted by default?  If unspecified, the mount passphrase is
>> > randomly generated from 128 bits of /dev/urandom.  We can do that
>> > completely entirely and reliably without adding a screen to the
>> > installer, and provide the system administrator user a secure,
>> > encrypted location to drop critical data by default on any Ubuntu
>> > Server
>> When I saw the previous posts come past I wondered if this wasn't a
>> better option. Leading by example.
>>
>> I'm not familiar with how it's created, but could it be "built-in" as
>> you suggest and be created when an account is made as part of the
>> adduser process?
>>
>> Could the (initial) pass-phrase be the user's login password?
>>
>>
>> --
>> Onno Benschop
>>
>> Connected via Optus B3 at S31°54'06" - E115°50'39" (Yokine, WA)
>> --
>> ()/)/)()..ASCII for Onno..
>> |>>?..EBCDIC for Onno..
>> --- -. -. ---   ..Morse for Onno..
>>
>> ITmaze   -   ABN: 56 178 057 063   -  ph: 04 1219    -
>> [EMAIL PROTECTED]

Re: 8.04-1 won't boot from degraded raid

2008-08-26 Thread Kienan Stewart
Based on the beginning of this thread, Michael, it looks to me like you want
to boot your degraded raid array anyway (not necessarily remotely, but that
would be nice too).

I found this forum thread which may or may not be helpful in that respect:
http://ubuntuforums.org/archive/index.php/t-634548.html

I have not tried this method, but it evidently yielded some success for the
people in the forum.

Kienan

Re: Recommended SATA card?

2008-06-16 Thread Kienan Stewart
3ware cards are a good choice, and work very well in my experience.

On Mon, Jun 16, 2008 at 2:52 PM, Ante Karamatic <[EMAIL PROTECTED]> wrote:

> On Mon, 16 Jun 2008 15:35:01 -0500
> "James Dinkel" <[EMAIL PROTECTED]> wrote:
>
> > The controller is going to be the issue here.  Any brands of cards
> > that use the same controller are going to be equally supported.  You
> > could check what controller is on your motherboard and try to get a
> > card with that same controller.  However, the Promise SATA controller
> > is very popular and I *believe* is well supported in linux.
>
> Promise will bring you bad results. I would suggest 3ware. LSI/Intel
> will also work, but as Promise, provide bad results :/
>
> Note that I'm talking about RAID cards...

Re: Ubuntu/Debian will not install, CentOS will [RAID]

2008-06-11 Thread Kienan Stewart
Hi Brett, at the company where I work we use a number of 3Ware RAID cards in
our servers running Ubuntu. They have worked flawlessly, without the need to
install additional kernel modules. The cards run basically all the SATA
devices, and are set up before Ubuntu is booted or installed (for 3ware it
seems to be alt-3 to enter their setup menu after your computer's BIOS is
done with its job).

Additionally, there are source files available with the discs should you
feel the need to build a kernel module.

On Wed, Jun 11, 2008 at 4:01 AM, Matt Darcy <[EMAIL PROTECTED]>
wrote:

> Ante Karamatic wrote:
> > On Tue, 10 Jun 2008 16:00:42 -0400
> > "Brett Alton" <[EMAIL PROTECTED]> wrote:
> >
> >
> >> This is a 3ware 9650SE-2LP raid card and it is the only hardware SATA raid
> >> card out there.
> >>
> >
> > It's probably the best one, but it's not the only one. 3ware only has
> > a couple of SATA RAID series(!).
> >
> > And that card is supported since at least 7.10 version.
> >
> >
>
>
> the specific card, and the driver they were using would be most
> appreciated. The LSI and 3Ware cards do have stock kernel modules, so
> I'd be surprised if they were dropped, more so from the server kernel.
>
> Exact info would be really useful on this.
>
> Matt