Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Jonas Andradas
On Mon, Jan 24, 2011 at 17:47, Andrew McGlashan < andrew.mcglas...@affinityvision.com.au> wrote: > Hi, > > > Thomas Nguyen Van wrote: > >> Correct me if I'm wrong but Mandos only works on a LAN according to the >> technical overview ( >> http://wiki.fukt.bsnet.se/wiki/Mandos#Architectural_Overview

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Andrew McGlashan
Hi, Thomas Nguyen Van wrote: Correct me if I'm wrong but Mandos only works on a LAN according to the technical overview (http://wiki.fukt.bsnet.se/wiki/Mandos#Architectural_Overview). Just a LAN or can it be ANY routeable address, via the Internet? This assumes that the network connectivit

Re: some feedback about security from the user's point of view

2011-01-24 Thread Michael Gilbert
On Mon, 24 Jan 2011 17:30:31 +0100, Naja Melan wrote: > We can start with a first step, namely changing the instructions at > http://debian.org/CD/faq/#verify > If someone with the authority of changing the debian website would tell me > that if I wrote a proposition to change those instructions th

Re: some feedback about security from the user's point of view

2011-01-24 Thread Naja Melan
Hi Alexander, fair play, this is a proposition for a narrowed down search: https://encrypted.google.com/search?num=100&hl=en&lr=lang_en&tbs=lr%3Alang_1en&q=site%3Awww.debian.org+md5+-site%3Awww.debian.org%2FNews+-%22MD5+checksums+of+the+listed%22+-inurl%3Aja.html&aq=f&aqi=&aql=&oq= It yields abo

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Thomas Nguyen Van
Good afternoon, Correct me if I'm wrong but Mandos only works on a LAN according to the technical overview (http://wiki.fukt.bsnet.se/wiki/Mandos#Architectural_Overview). This assumes that the network connectivity is already operational. But how to deal with this when it's not the case: Our ma

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Henrique de Moraes Holschuh
On Mon, 24 Jan 2011, Thomas Nguyen Van wrote: > Our company needs to encrypt hard drives on our machines running under Linux > Debian Lenny. If you're serious about this, get a real server (HP, IBM, Dell...) with proper TPM hardware and Linux support. Then, you'll need to do the (not that easy)

Re: some feedback about security from the user's point of view

2011-01-24 Thread Henrique de Moraes Holschuh
On Mon, 24 Jan 2011, René Mayrhofer wrote: > Therefore, I strongly suggest to move away from all uses of MD5 and > use SHA-2 (>=256) instead (SHA1 already makes the crypto community No. Let's stick to SHA2-256, please. There are some doubts about how well sha2-512 holds, it may actually be weaker

Re: some feedback about security from the user's point of view

2011-01-24 Thread Alexander Reichle-Schmehl
Hi! On 24.01.2011 14:34, Naja Melan wrote: >> I think this can be a start: >> http://www.google.pl/search?sourceid=chrome&ie=UTF-8&q=site:debian.com+md5 [..] > should be .org I think Yes, but that still returns some 96'000 documents. Even limiting it to English documents of the site www.debian

Re: some feedback about security from the user's point of view

2011-01-24 Thread Naja Melan
> > I think this can be a start: > http://www.google.pl/search?sourceid=chrome&ie=UTF-8&q=site:debian.com+md5< > http://www.google.pl/search?sourceid=chrome&ie=UTF-8&q=site:debian.com+md5 > > > https://encrypted.google.com/search?hl=en&q=site%3A*debian.org*+md5&aq=f&aqi=&aql=&oq= should be .org

RE: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Yves-Alexis Perez
On Mon, 2011-01-24 at 08:27 +, Jeroen van Dongen wrote: > If your server can reboot without a human being present to enter a > password, what's to stop someone who steals your server to obtain > access to the data? > > > The FDE does NOT protect your data against hackers - if they hack you

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Andrew McGlashan
Hi Jonas, Jonas Andradas wrote: however, having to start up the Mandos server in order for the host to start-up could defeat the purpose of Mandos itself, which is supposed to allow servers to start up autonomously, without human intervention. Of course, you could always have your monitoring

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Jonas Andradas
On Mon, Jan 24, 2011 at 12:06, Andrew McGlashan < andrew.mcglas...@affinityvision.com.au> wrote: > Jonas Andradas wrote: > >> In particular, both "mandos" and "mandos-client" have Debian packages >> available. >> >> [1] http://www.fukt.bsnet.se/mandos >> > > That sounds interesting, but why not ru

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Jonas Andradas
On Mon, Jan 24, 2011 at 11:22, Jeroen van Dongen wrote: > > Hello Thomas, > > > > as Jeroen already said, the problem with this is that if they steal only > the hard-drive, the data should be safe. Instead, if they steal the > whole > server (which is somewhat harder, but not impossible), they o

Re: some feedback about security from the user's point of view

2011-01-24 Thread AK
Hi all, Another indicator that I believe should be taken into consideration, is the fact that Microsoft is using SHA256 or better in all new applications for a while now. They do have a post [1] in their Secure Development Lifecycle blog stating their stance regarding cryptography and banning

Re: some feedback about security from the user's point of view

2011-01-24 Thread René Mayrhofer
On Monday, 24 January 2011, at 11:29:25, AK wrote: > While the attack sequence presented is valid, in practice, given that > there are a lot of "Debian based" distributions out there, wouldn't this > be caught somewhere down the line? I wouldn't count on it, unfortunately - I have been working on

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Andrew McGlashan
Jonas Andradas wrote: In particular, both "mandos" and "mandos-client" have Debian packages available. [1] http://www.fukt.bsnet.se/mandos That sounds interesting, but why not run the Mandos server ONLY when you are restarting machines. The Mandos server could be a tiny VM or even a boot f

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Thomas Nguyen Van
Morning Jeroen, Jonas and all who took the time to answer my question, Thanks a mil for your help and will see how to implement this Mandos solution with LUKS in our context. Best regards, Thomas NGUYEN VAN - Original Message - From: "Jeroen van Dongen" To: "Thomas Nguyen

RE: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Jeroen van Dongen
> Hello Thomas, > > as Jeroen already said, the problem with this is that if they steal only the > hard-drive, the data should be safe. Instead, if they steal the > whole > server (which is somewhat harder, but not impossible), they only need it to > boot and the BIOS would decrypt the

Re: some feedback about security from the user's point of view

2011-01-24 Thread AK
Hi all, While the attack sequence presented is valid, in practice, given that there are a lot of "Debian based" distributions out there, wouldn't this be caught somewhere down the line? Having said that, I fully agree that MD5 should no longer be recommended. On 01/24/2011 09:42 AM, René Mayrhof

Re: some feedback about security from the user's point of view

2011-01-24 Thread Maurycy Zarzycki
Hello, I think this can be a start: http://www.google.pl/search?sourceid=chrome&ie=UTF-8&q=site:debian.com+md5 Regards, -Maurycy On 2011-01-24 10:40, Alexander Reichle-Schmehl wrote: Hi! Am 23.01.2011 18:34, schri

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Jonas Andradas
On Mon, Jan 24, 2011 at 09:51, Thomas Nguyen Van wrote: > Morning Jeroen, > > Thanks for your quick reply. I agree with you in general, Software FDE does > not protect your data. > > However, in this Seagate solution (ATA Security and/or Drive Trust), we > have a hardware FDE which is faster. As

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Thomas Nguyen Van
Morning Matthieu, Thanks for your quick feedback much appreciated ! ^_^ Indeed, the FDE solution depends on your motherboard's technology and can't be implemented on any standard motherboard. :o) Thanks a lot for your help on this. Thomas NGUYEN VAN - Original Message - From: "Mathie

Re: some feedback about security from the user's point of view

2011-01-24 Thread Alexander Reichle-Schmehl
Hi! On 23.01.2011 18:34, AK wrote: > 2) Regarding MD5, while indeed it has been broken, is it not sufficient > for simple checksumming purposes? [..] Having said that, I am all for the use > of > SHA256 or better in all newer examples/hashes, I cannot stress how > strongly I agree, even for th

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Jonathan Wiltshire
On Mon, Jan 24, 2011 at 09:31:33AM +0100, Yves-Alexis Perez wrote: > > However, this solution only works under windows !! They don't plan to > > support under linux such a disk. :o( > > If everything is handled by the BIOS, why would it be OS-dependent? I'd have thought this is because the BIOS h

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Thomas Nguyen Van
Morning Yves Alexis, Thanks for your very quick reply. Actually, the most important content of the hard drive is replicated every 5 minutes so that if the hard drive crashes or the motherboard crashes, it is less important than a leak of information. I was more interested by a hardware soluti

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Thomas Nguyen Van
Morning Jeroen, Thanks for your quick reply. I agree with you in general, Software FDE does not protect your data. However, in this Seagate solution (ATA Security and/or Drive Trust), we have a hardware FDE which is faster. As far as I understood, it seems that it is possible to store the p

RE: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Jeroen van Dongen
If your server can reboot without a human being present to enter a password, what's to stop someone who steals your server to obtain access to the data? The FDE does NOT protect your data against hackers - if they hack your running system, they have access to all data that your application ha

Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Simon,Mathieu
Hi Thomas Actually I do have a Thinkpad with an FDE SSD from Toshiba with a similar concept as I was able to understand it. I've looked over the doc and Seagate offers 2 ways how to access the drive: Either by software driver (which is OS dependent) or use BIOS integration which is then OS-inde

Re: Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Yves-Alexis Perez
On Mon, 2011-01-24 at 08:14 +, Thomas Nguyen Van wrote: > Good morning > Our company needs to encrypt hard drives on our machines running under > Linux Debian Lenny. > Seagate proposes FDE solutions with Momentus 5400 and/or 7200 > (http://www.seagate.com/docs/pdf/fr-FR/whitepaper/mb595_2_mom

Question related to FDE (Full Disk Encryption) solution under Linux Debian Lenny

2011-01-24 Thread Thomas Nguyen Van
Good morning Our company needs to encrypt hard drives on our machines running under Linux Debian Lenny. Seagate proposes FDE solutions with Momentus 5400 and/or 7200 (http://www.seagate.com/docs/pdf/fr-FR/whitepaper/mb595_2_momentus_fde_sed_ii_sq_kit.pdf) This solution is very interestin