RE: Ubuntu ISO Testing team: New build notification-why encryption support is needed
On Wed, November 30, 2011 11:35 am, Luke Kuhn wrote:
>
> That's ugly, and means where security is a concern people having to
> install from Flash drives may have to dd the drive full of random numbers
> and remake the installer from the .iso image after installation.

I'm not sure what happened. I did a third install (on the same machine) from the same usb stick and was asked the normal questions. I will try to make it happen again.

History:

First install with all metas. Install failed because of av lib conflicts.

Second install less keyboard setup questions... maybe the disk is checked and the fact that it was after a failed install meant it kept some of the data. Install did not include audio-common and so was successful.

Third install got all the normal questions (no data remembered from before). Selected both encrypted partition and encrypted home directory. Did not include audio-common as I wanted what I knew worked. I was not testing audio install but encrypted. Install was ok. On boot I was asked for passkey. On home directory read with file manager I was asked for passkey. On shutdown swap was wiped.

Tried mounting drive from normal boot. I can see two partitions, the first (1/4gig) had the boot stuff in it (grub, kernel and initrd). The rest must have had the file system and the swap in it. I was unable to access it. When I tried it asked for the passkey but had an error because my normal drive doesn't have the software to deal with it (I would guess... that's what the err msg seemed to indicate).

I don't see that there is any problem installing encrypted version for testing. The nice thing about unencrypted is that I can read and quote from the log file easily if there are failures. I did not use a strong passkey as I just wanted to see if it worked... I wanted something I could remember (equals less secure).

My machine speed was not noticeably affected... the desk seemed to run about the same speed. I didn't have any audio stuff in there and this machine doesn't have great audio anyway. So I didn't test tracking lots of tracks. The install was not much longer either, just the extra few steps setting up partitions. Not near as bad as waiting for the net connected apt configuration.

--
Len Ovens
www.OvenWerks.net

--
Ubuntu-Studio-devel mailing list
Ubuntu-Studio-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-studio-devel
RE: Re: Re Re: Ubuntu ISO Testing team: New build notification-why encryption support is needed
That's ugly, and means where security is a concern people having to install from Flash drives may have to dd the drive full of random numbers and remake the installer from the .iso image after installation.

We need to make ABSOLUTELY SURE that when the installer is used to create an encrypted partition, or to open an existing encrypted partition, that there is no danger of the passphrase or the LUKS hardware key getting stored somewhere. The only way that would happen on purpose would be deliberate sabotage by someone working for some nation's security services and working on the project, so the code should be vetted by at least two people in countries that do not cooperate with one another on "security" matters. Mostly accidental storage would be looked for, say in something other than a ramdisk used for temporary storage.

This would be an issue for Ubuntu as a whole, not for Ubuntustudio or any other derivative unless that part of the installer is changed or someone creates a security-focussed distro. Going to a 750MB installer image for default Ubuntu will certainly complicate that, for Ubuntustudio it's always been a DVD/flash requiring image anyway.

Until this is proven safe I suggest installing from DVDs - or from camera cards in card readers with the write-protect slide set to read-only.

> Date: Tue, 29 Nov 2011 20:34:19 -0800
> From: "Len Ovens"
> To: "Ubuntu Studio Development & Technical Discussion"
> Subject: Re: RE Re: Ubuntu ISO Testing team: New build
> notification-whyencryption support is needed
> Message-ID:
> <1ecacbb7895b4c75d95d1a040a0ec561.squir...@www.ovenwerks.net>
> Content-Type: text/plain;charset=iso-8859-1
>
> There seems to be some info stored from boot to boot on the install disk
> if it is writeable. The second time I don't get asked as many keyboard
> questions.
>
> --
> Len Ovens
> www.OvenWerks.net
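One way to test whether a writable installer stick has picked up data between boots, the concern raised in the message above. This is an added example, not code from the thread or from the Ubuntu installer; it assumes the stick was made by writing the .iso byte-for-byte to the raw device, and the function names and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the stick was made by writing
# the .iso byte-for-byte to the raw device, so the first <image size> bytes of
# the device must still equal the image.

# image_size FILE -> size in bytes
image_size() { wc -c < "$1" | tr -d ' '; }

# media_matches_iso ISO DEVICE -> 0 unchanged, 1 modified, 2 unreadable
media_matches_iso() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    # -n limits the comparison to the image-sized prefix (GNU/BSD cmp option);
    # space on the stick beyond the image is not part of the installer.
    cmp -s -n "$(image_size "$1")" "$1" "$2"
}

# changed_bytes ISO DEVICE -> count of differing bytes inside the image area
changed_bytes() {
    cmp -l -n "$(image_size "$1")" "$1" "$2" 2>/dev/null | wc -l | tr -d ' '
}

# first_change ISO DEVICE -> 1-based offset of the first differing byte, or empty
first_change() {
    cmp -l -n "$(image_size "$1")" "$1" "$2" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# Usage (hypothetical paths): sh check-media.sh ubuntustudio.iso /dev/sdX
if [ "$#" -eq 2 ]; then
    if media_matches_iso "$1" "$2"; then
        echo "OK: $2 still matches $1"
    else
        echo "CHANGED: $(changed_bytes "$1" "$2") byte(s) differ," \
             "first at offset $(first_change "$1" "$2")"
        exit 1
    fi
fi
```

A stick built by a tool that copies the installer files onto its own filesystem will not match the image byte-for-byte, so this check only applies to raw-written media.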
Re: RE Re: Ubuntu ISO Testing team: New build notification-why encryption support is needed
On 30/11/11 04:10, Luke Kuhn wrote:
> Yes there is a reason why encryption would be used with ubuntustudio:
> Dissident, protest and political opposition media makers.

Just to say that I agree with the points Luke makes. Full-disk encryption is essential for a lot of media producers - I would go as far as to suggest that it should be the default for any new installation. This would also give US an edge over some of its rivals, for example the otherwise excellent AVLinux can't/won't install over luks/dmcrypt/lvm2.

I've only noticed a performance hit when using massively multitracked ardour sessions (which I now do on an unencrypted partition that gets shredded after mixdown), but for routine use on a modern machine the bottlenecks for data transfer seem to be elsewhere.

Keep up the good work everyone - thanks for all of it.

Mark
Re: RE Re: Ubuntu ISO Testing team: New build notification-why encryption support is needed
On Tue, November 29, 2011 8:10 pm, Luke Kuhn wrote:
>
> Yes there is a reason why encryption would be used with ubuntustudio:
> Dissident, protest and political opposition media makers. I make video and
> audio news and opinion media for progressive movements in the US. There
> have been grand jury subpoenas (which people like me do NOT comply with)
> and police raids on activist media makers' homes. One of those raids in
> 2008 stole a computer with Ubuntustudio Hardy from my house - fortunately
> one with the media files on an encrypted partition! They never returned
> for a second computer or hard drive, other evidence suggests they were
> never able to penetrate the encryption.

Point taken. I am not as politically active, but, I do see personal freedoms going away at great speed... and perhaps a day in the not too distant future where the whole internet is held together by a non-isp mesh (wireless or otherwise).

I will do every other test encrypted... though I think it is only the home directory that the switch turns on.

There seems to be some info stored from boot to boot on the install disk if it is writeable. The second time I don't get asked as many keyboard questions.

--
Len Ovens
www.OvenWerks.net
RE Re: Ubuntu ISO Testing team: New build notification-why encryption support is needed
Yes there is a reason why encryption would be used with ubuntustudio: Dissident, protest and political opposition media makers. I make video and audio news and opinion media for progressive movements in the US. There have been grand jury subpoenas (which people like me do NOT comply with) and police raids on activist media makers' homes. One of those raids in 2008 stole a computer with Ubuntustudio Hardy from my house - fortunately one with the media files on an encrypted partition! They never returned for a second computer or hard drive, other evidence suggests they were never able to penetrate the encryption.

Other dissidents in other nations have it even worse. In some countries, a dissident media maker with an unencrypted machine could get people killed. In my country he could get someone called before a Grand Jury or arrested and charged with any of a variety of offenses. Therefore, photographic, video, and audio workflows need to be on fully encrypted systems in my line of work, without every activist media maker having to learn to be a hacker as well, like I had to (but would have anyway).

All of my systems are encrypted, for obvious reasons. When I did my 64 bit reinstall from a vanilla Ubuntu disk I had no trouble installing to existing encrypted partitions, but then had to wait over 5 hours for all the media software I use to download over a slow connection. That was followed by hours of custom configuration, all of which a default Ubuntustudio install (like what I started from in Gutsy so long ago) saves typical end users.

Due to dangers facing some media makers (even mainstream media in some places) there needs to be as little deterrent as possible to a new user selecting encryption, otherwise people in positions like my own, setting up for the first time and never having faced a police raid, will say "why bother" until it is too late. I've seen entirely too much of that, and that's what keeps the raids coming.

While "anybody" can install Ubuntu, Ubuntustudio or any other distro on encrypted disks themselves, that's not the same as anybody who is simply an end user making media being able to do so.

Unfortunately I do not have the Internet bandwidth anywhere (at home or on the road) to routinely download and test entire disk images every few days or I would handle this one myself. I would guess that simply making sure nothing happens to the partitioning or encryption portion of Ubuntu's default "alternate disk image" should keep this working.

Yes, encryption does slow down disks, but with any processor sufficient to handle modern video editing there is plenty to handle encryption. I even got away with root filesystem encryption on an expendable Pentium II laptop I took on an especially hairy out-of-town mission! Also, the newest "sandy bridge" (Intel) and "bulldozer" (AMD) all have the AES-NI instruction set to speed up disk encryption. Haven't tried one of these chips, and I don't know if there are hardware issues with AES-NI that would compromise security either.

The only time I see encryption slowing my disks down on my Phenom II X4 video editing machines is when copying a filesystem from one partition of an SSD to another. Then I get about half processor usage as the fast disks push encryption hard. If a RAID is needed for uncompressed HD video or a big multitrack job, I can see this being a problem. If a big enough ramdisk isn't possible and an unencrypted volume has to be used, I would then have to wipe the whole thing afterwards, with zeros after each job, random numbers after any "heavy" job and making sure the partition is just big enough for the largest projects, so as to force overwriting the space used by previous work and then zeroed out. That's how I treat camera cards, given the lack of encrypted cameras. I can also destroy them if I ever get trapped with a "loaded" camera.

As for encryption slowing down a portable laptop with less CPU, laptops are routinely stolen or "stolen" and need encryption the most. A good friend had three stolen in a suspicious "burglary" while guests were in town, good thing they were all encrypted!

One last issue - you may ask "why encrypt the binaries?" The answer is that that is the only thing that can write protect them when an attacker mounts the disk from his own live USB stick. It is a lot easier to verify the boot partition with a hash check (there are ways to do this, none of them simple but I use them) than an entire operating system, and there are a lot fewer places in /boot for a keylogger to hide than in the whole operating system.

> On Tue, November 29, 2011 8:00 am, qatrac...@stgraber.org wrote:
> > A new build of Ubuntu Studio Alternate i386 is ready for testing!
> > Version: 2029.1
> > Link: http://91.189.93.73/qatracker/milestones/205/builds/7263/testcases
> >
> Also, is there any reason to test case two (encrypted disk)? It would seem
> to me that this would slow down di
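A sketch of the kind of boot-partition hash check mentioned in the message above. This is an added example, not the poster's own method; the function names are hypothetical, and it assumes the manifest is kept somewhere an attacker with a live USB stick cannot rewrite, such as the encrypted root or removable media.

```shell
#!/bin/sh
# Added example (not from the thread): record SHA-256 hashes of every file
# under the unencrypted boot partition, then report what changed later.
# A plain "sha256sum -c" would miss files that were ADDED, so the two
# manifests are compared path by path instead.

# make_manifest DIR -> "hash  ./path" lines on stdout, in stable order
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# diff_manifest DIR MANIFEST -> prints ADDED/MODIFIED/REMOVED lines;
# returns 0 if DIR matches MANIFEST, 1 if anything differs, 2 on error
diff_manifest() {
    now=$(mktemp) || return 2
    make_manifest "$1" > "$now"
    # The hash is the first 64 characters; the path starts at column 67,
    # which keeps paths containing spaces intact.
    report=$(awk '
        { h = substr($0, 1, 64); p = substr($0, 67) }
        NR == FNR    { old[p] = h; next }
        !(p in old)  { print "ADDED " p; next }
        old[p] != h  { print "MODIFIED " p }
                     { delete old[p] }
        END          { for (p in old) print "REMOVED " p }
    ' "$2" "$now" | LC_ALL=C sort)
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage (hypothetical paths):
#   make_manifest /boot > /root/boot.manifest      # after a trusted install
#   diff_manifest /boot /root/boot.manifest        # before entering a passphrase
```

This covers files only; the boot sector and bootloader code stored outside the filesystem are not hashed, and the check itself has to run from media the attacker could not modify.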