Re: Creating a encrypted directory during the server installation
On Wed, Sep 24, 2008 at 11:37:01PM -0400, Michael Casadevall wrote: I've did some work implementing /dev/random in GNU Hurd (yes, yes, I know :-P). Static bootups are fairly constant, i.e., poor source of entropy, so that is a major problem. However, it might be possible to have the user provide or generate entropy (maybe a friendly message such as Ubuntu needs to generate entropy to encrypt your files, please bang on the keyboard like a monkey), or the ability to provide a private key from another source like a USB key or something. Package: randomsound Description: ALSA sound card related entropy gathering daemon Using the low order bit of the ADC output of your sound card, randomsound gathers entropy, debiases it and offers it up to your kernel's random pool. -- Soren Hansen | Virtualisation specialist | Ubuntu Server Team Canonical Ltd. | http://www.ubuntu.com/ signature.asc Description: Digital signature -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Creating a encrypted directory during the server installation
Hi I was looking at the wikipedia article on /dev/random and /dev/urandom, having previously not used them. The article linked to a paper that analyzed the cryptographic procedures of the /dev/random and /dev/urandom in linux. The main thing that I took out of paper and the wikipedia article was that there was a small concern about the lack of entropy available in /dev/random during installs and on livecds. If the key is generated right after a reboot, they may not be sufficiently random. I'm not sure, but this could be a thing to consider if keys are going to be generated early in the install procedure. Would anyone else consider this a concern? P.S. Sorry if I sent this to someone twice, gmail only replies to the last writer and not the list. My apologies. On Tue, Sep 23, 2008 at 3:48 PM, Onno Benschop [EMAIL PROTECTED] wrote: On 24/09/08 01:43, Dustin Kirkland wrote: That said, let me throw out another perhaps more controversial option... What if we didn't ask, and we just provided ~/Private encrypted by default? If unspecified, the mount passphrase is randomly generated from 128 bits of /dev/urandom. We can do that completely entirely and reliably without adding a screen to the installer, and provide the system administrator user a secure, encrypted location to drop critical data by default on any Ubuntu Server When I saw the previous posts come past I wondered if this wasn't a better option. Leading by example. I'm not familiar with how it's created, but could it be built-in as you suggest and be created when an account is made as part of the adduser process? Could the (initial) pass-phrase be the user's login password? -- Onno Benschop Connected via Optus B3 at S31°54'06 - E115°50'39 (Yokine, WA) -- ()/)/)()..ASCII for Onno.. |?..EBCDIC for Onno.. --- -. -. --- ..Morse for Onno.. ITmaze - ABN: 56 178 057 063 - ph: 04 1219 - [EMAIL PROTECTED] -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Creating a encrypted directory during the server installation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've did some work implementing /dev/random in GNU Hurd (yes, yes, I know :-P). Static bootups are fairly constant, i.e., poor source of entropy, so that is a major problem. However, it might be possible to have the user provide or generate entropy (maybe a friendly message such as Ubuntu needs to generate entropy to encrypt your files, please bang on the keyboard like a monkey), or the ability to provide a private key from another source like a USB key or something. Michael -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: http://getfiregpg.org iEYEARECAAYFAkjbB1wACgkQpblTBJ2i2psm4ACfcjq/0QyAV3PARKIgWmfNpdTy WKQAni0DPfLwUwW39PVklGZ32wCaS0do =TGV+ -END PGP SIGNATURE- On Wed, Sep 24, 2008 at 11:28 PM, Kienan Stewart [EMAIL PROTECTED] wrote: Hi I was looking at the wikipedia article on /dev/random and /dev/urandom, having previously not used them. The article linked to a paper that analyzed the cryptographic procedures of the /dev/random and /dev/urandom in linux. The main thing that I took out of paper and the wikipedia article was that there was a small concern about the lack of entropy available in /dev/random during installs and on livecds. If the key is generated right after a reboot, they may not be sufficiently random. I'm not sure, but this could be a thing to consider if keys are going to be generated early in the install procedure. Would anyone else consider this a concern? P.S. Sorry if I sent this to someone twice, gmail only replies to the last writer and not the list. My apologies. On Tue, Sep 23, 2008 at 3:48 PM, Onno Benschop [EMAIL PROTECTED] wrote: On 24/09/08 01:43, Dustin Kirkland wrote: That said, let me throw out another perhaps more controversial option... What if we didn't ask, and we just provided ~/Private encrypted by default? If unspecified, the mount passphrase is randomly generated from 128 bits of /dev/urandom. We can do that completely entirely and reliably without adding a screen to the installer, and provide the system administrator user a secure, encrypted location to drop critical data by default on any Ubuntu Server When I saw the previous posts come past I wondered if this wasn't a better option. Leading by example. I'm not familiar with how it's created, but could it be built-in as you suggest and be created when an account is made as part of the adduser process? Could the (initial) pass-phrase be the user's login password? -- Onno Benschop Connected via Optus B3 at S31°54'06 - E115°50'39 (Yokine, WA) -- ()/)/)()..ASCII for Onno.. |?..EBCDIC for Onno.. --- -. -. --- ..Morse for Onno.. ITmaze - ABN: 56 178 057 063 - ph: 04 1219 - [EMAIL PROTECTED] -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Creating a encrypted directory during the server installation
Good idea, but if I followed the conversation here correctly, the desire was to minimize the number of windows required for the user to pass through during the installation. Having a window where the user has to do something, that in essence, seems really really random probably isn't the best thing to put in the installer. Would it be possible to delay key generation until the system uptime has reached a certain time or the user specifically requests the key to generated (in which case they can get to hammer on their keyboard). On Wed, Sep 24, 2008 at 9:37 PM, Michael Casadevall [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've did some work implementing /dev/random in GNU Hurd (yes, yes, I know :-P). Static bootups are fairly constant, i.e., poor source of entropy, so that is a major problem. However, it might be possible to have the user provide or generate entropy (maybe a friendly message such as Ubuntu needs to generate entropy to encrypt your files, please bang on the keyboard like a monkey), or the ability to provide a private key from another source like a USB key or something. Michael -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: http://getfiregpg.org iEYEARECAAYFAkjbB1wACgkQpblTBJ2i2psm4ACfcjq/0QyAV3PARKIgWmfNpdTy WKQAni0DPfLwUwW39PVklGZ32wCaS0do =TGV+ -END PGP SIGNATURE- On Wed, Sep 24, 2008 at 11:28 PM, Kienan Stewart [EMAIL PROTECTED] wrote: Hi I was looking at the wikipedia article on /dev/random and /dev/urandom, having previously not used them. The article linked to a paper that analyzed the cryptographic procedures of the /dev/random and /dev/urandom in linux. The main thing that I took out of paper and the wikipedia article was that there was a small concern about the lack of entropy available in /dev/random during installs and on livecds. If the key is generated right after a reboot, they may not be sufficiently random. I'm not sure, but this could be a thing to consider if keys are going to be generated early in the install procedure. Would anyone else consider this a concern? P.S. Sorry if I sent this to someone twice, gmail only replies to the last writer and not the list. My apologies. On Tue, Sep 23, 2008 at 3:48 PM, Onno Benschop [EMAIL PROTECTED] wrote: On 24/09/08 01:43, Dustin Kirkland wrote: That said, let me throw out another perhaps more controversial option... What if we didn't ask, and we just provided ~/Private encrypted by default? If unspecified, the mount passphrase is randomly generated from 128 bits of /dev/urandom. We can do that completely entirely and reliably without adding a screen to the installer, and provide the system administrator user a secure, encrypted location to drop critical data by default on any Ubuntu Server When I saw the previous posts come past I wondered if this wasn't a better option. Leading by example. I'm not familiar with how it's created, but could it be built-in as you suggest and be created when an account is made as part of the adduser process? Could the (initial) pass-phrase be the user's login password? -- Onno Benschop Connected via Optus B3 at S31°54'06 - E115°50'39 (Yokine, WA) -- ()/)/)()..ASCII for Onno.. |?..EBCDIC for Onno.. --- -. -. --- ..Morse for Onno.. ITmaze - ABN: 56 178 057 063 - ph: 04 1219 - [EMAIL PROTECTED] -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Creating a encrypted directory during the server installation
I feel compelled to mention one other thing... Often, LVM encryption is *not* an option for servers where unattended booting is absolutely required, as LVM encryption requires a passphrase on startup. With an encrypted ~/Private, no passphrase is required on boot, but rather it's mounted/unmounted on login/logout. That said, let me throw out another perhaps more controversial option... What if we didn't ask, and we just provided ~/Private encrypted by default? If unspecified, the mount passphrase is randomly generated from 128 bits of /dev/urandom. We can do that completely entirely and reliably without adding a screen to the installer, and provide the system administrator user a secure, encrypted location to drop critical data by default on any Ubuntu Server. The one challenge, however, is that we'd need to communicate to the user their randomly generated passphrase, which they would need if they needed to take extreme measures at some point to recover their data. :-Dustin -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Creating a encrypted directory during the server installation
On 24/09/08 01:43, Dustin Kirkland wrote: That said, let me throw out another perhaps more controversial option... What if we didn't ask, and we just provided ~/Private encrypted by default? If unspecified, the mount passphrase is randomly generated from 128 bits of /dev/urandom. We can do that completely entirely and reliably without adding a screen to the installer, and provide the system administrator user a secure, encrypted location to drop critical data by default on any Ubuntu Server When I saw the previous posts come past I wondered if this wasn't a better option. Leading by example. I'm not familiar with how it's created, but could it be built-in as you suggest and be created when an account is made as part of the adduser process? Could the (initial) pass-phrase be the user's login password? -- Onno Benschop Connected via Optus B3 at S31°54'06 - E115°50'39 (Yokine, WA) -- ()/)/)()..ASCII for Onno.. |?..EBCDIC for Onno.. --- -. -. --- ..Morse for Onno.. ITmaze - ABN: 56 178 057 063 - ph: 04 1219 - [EMAIL PROTECTED] -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Creating a encrypted directory during the server installation
for me it make sense to secure the home user directory from other user in the server -Original Message- From: Mathias Gug [EMAIL PROTECTED] To: ubuntu-server@lists.ubuntu.com Subject: Creating a encrypted directory during the server installation Date: Fri, 19 Sep 2008 15:45:24 -0400 Hi, Now that EncryptedPrivateDirectory [1] has been implemented by Dustin Kirkland a new screen has been added to the ubuntu-server installer [2]. The question comes after information for the first user has been gathered (Name, login and password). Does it makes sense to add that step in the ubuntu-server installer ? [1]: https://wiki.ubuntu.com/EncryptedPrivateDirectory [2]: http://people.ubuntu.com/~mathiaz/setup_encrypted_dir.png -- Mathias Gug Ubuntu Developer http://www.ubuntu.com Khairul Aizat Kamarudzzaman Ubuntu-my LoCo Member https://launchpad.net/~fenris https://wiki.ubuntu.com/fenris [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Creating a encrypted directory during the server installation
On Monday 22 September 2008 12:09:17 Mathias Gug wrote: The question is not whether encrypted directories are useful in a server environment - they are for specific use cases (login servers, file servers, not so much for database servers, http or mail servers) - but whether it's worth adding an extra step to the installation process asking the user to setup encrypted directories for the system. While I think we need to take a very close look at installer usability in the future, I think that adding htis question makes little difference. It is easy to preseed it and avoid all questions. Rick Clark -- Mathias Gug Ubuntu Developer http://www.ubuntu.com signature.asc Description: This is a digitally signed message part. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: Creating a encrypted directory during the server installation
Maybe it could be setup via tasksel for server deployment? I can see how by default this would be excellent on the Desktop (e.g.: taxes, banking information, private documents, etc.). As a computer repair technician, it is amazing the sense of security when Windows asks the user to enter in a password. If they leave a computer with me and I am to backup their data (to soon wipe them to Ubuntu ;)), they'll call me a day later stating Oh I forgot to give you my password. When I respond, Its okay, I've already retrieved your data and backed it up to DVD. They become shocked and scared that I was able to do so, so easily with an Ubuntu LiveCD. However, if they had a directory that was encrypted, I'd be out of luck in backing up their data without a password. I then proceed to explain this to them and what it means to have a password to an operating system, not a hard drive. So, +1 for me and for all those poor souls that are migrating from Windows to Ubuntu. Lastly, I work part-time/temporary for a school board and am an adviser for a board member on a hospice committee and they would love to hear how easily their nurses and doctors PCs and laptops can be encrypted! As most are currently aware, I apologize for the dumbing down of the situation, but I thought some would like to hear real-world uses and examples on an encrypted directory. But as for the server-side, tasksel would suffice for me because if I didn't want it on the initial install, I may want it at a later time and tasksel would enable me to do that. On Mon, Sep 22, 2008 at 1:09 PM, Mathias Gug [EMAIL PROTECTED] wrote: Hi, On Mon, Sep 22, 2008 at 05:07:59PM +0100, Andrew Hodgson wrote: I doubt I would choose this for my servers - I may add it on at a later time through a command or set of commands. I think that the work done by Dustin is excellent, useful and worth advertising as much as possible. The process to set up encrypted directories has been streamlined a lot thanks to his work. However I wonder if asking the user to setup encrypted directories during the -server installation process is useful. We try to keep the installer as simple and straight forward as possible for the majority of users. Is it worth adding another step to the installation process that covers only a minority of -server use cases ? The question is not whether encrypted directories are useful in a server environment - they are for specific use cases (login servers, file servers, not so much for database servers, http or mail servers) - but whether it's worth adding an extra step to the installation process asking the user to setup encrypted directories for the system. -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam -- Brett Alton [EMAIL PROTECTED] Do you really need to print this email? Help preserve our environment! -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Creating a encrypted directory during the server installation
Hi, Now that EncryptedPrivateDirectory [1] has been implemented by Dustin Kirkland a new screen has been added to the ubuntu-server installer [2]. The question comes after information for the first user has been gathered (Name, login and password). Does it makes sense to add that step in the ubuntu-server installer ? [1]: https://wiki.ubuntu.com/EncryptedPrivateDirectory [2]: http://people.ubuntu.com/~mathiaz/setup_encrypted_dir.png -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
Re: [ubuntu-server] Re: Creating a encrypted directory during the server installation
If I understand the question correctly, I would vote for the following on server installs: - fewer manual prompts during an installation - less stuff installed by default - easy installation of of features I want after the install is done so I can satisfy all my different use cases I think Ubuntu has done a pretty good job at all of this so far :) Thanks -- Eric Hammond [EMAIL PROTECTED] David Portwood wrote: I would add this, I'm sure we could all come up with valid use cases. David P. - Original Message - From: Mathias Gug [EMAIL PROTECTED] To: ubuntu-server@lists.ubuntu.com Sent: Friday, September 19, 2008 2:45 PM Subject: Creating a encrypted directory during the server installation Hi, Now that EncryptedPrivateDirectory [1] has been implemented by Dustin Kirkland a new screen has been added to the ubuntu-server installer [2]. The question comes after information for the first user has been gathered (Name, login and password). Does it makes sense to add that step in the ubuntu-server installer ? [1]: https://wiki.ubuntu.com/EncryptedPrivateDirectory [2]: http://people.ubuntu.com/~mathiaz/setup_encrypted_dir.png -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam