SAWFASP^* as laws around the globe are forged to weak personal privacy, police knocking on one's door, because of portscanning a previously hacked website, and - i don't have to tell those of you, which are reading slashdot - as pretty strange things start to happend worldwide, i'm getting somewhat nervous about my data safety.
what i'm aiming at, you might ask? debian should support a crypted rootfs right out of the box. i'll try to grasp within a few words, what's necessary to realize this: - the international kernel must be introduced as regular debian packages. - the boot disks needs to be modified (just do a losetup on some loopdev, and mount that one instead of the realrootdev) - of course, there must be an initrd to boot from, which accepts authentication information. (this ramdisk has to be placed unencrypted on the rootfs, so the kernel code has to be circumwented or the plain data has to be manually decrypted in usermode to be re-encrypted to the original plain data when flushed to disk.. easy for EBC mode crypto but harder to achieve for CBC mode - creative suggestions welcome) - there must be an alternative passphrase, since i nor any user will be willing to trust one forgetable phrase. (how many times have you forgotten your mobil phone pin?) suggestion: the actual key will be random generated, and encrypted twice by two different passphrases/keys - one choosen by the user, one random generated - useful to write on a piece of paper and hide behind the bookshelf. (probably i should crosspost to debian-legal. the whole non-US issue has been left untouched) what do YOU think? shell debian be the first(?) privacy enhanced distro? clemens ^* SAWFASP = searched archives without finding a similiar posting
