On 11/20/13 07:36, Vladimir 'φ-coder/phcoder' Serbinenko wrote:
It's not that easy. Trouble is that you need to also prevent
inconsistent rollback and for this you need to have a hash tree. Then
since power failure is a possibility you need this tree to be consistent
at every moment. Those issues
On 21.11.2013 20:34, Ralf Ramsauer wrote:
> On 11/21/13 16:31, Vladimir 'phcoder' Serbinenko wrote:
>>
>> Why do you need offset and size options? keyfile option should be
>> repeatable. The whole array would be passed down and file would be
>> opened instead before reading password and concatenate
On 11/21/13 16:31, Vladimir 'phcoder' Serbinenko wrote:
>
> Why do you need offset and size options? keyfile option should be
> repeatable. The whole array would be passed down and file would be
> opened instead before reading password and concatenated with it unless
> --no-password was specified a
Why do you need offset and size options? keyfile option should be
repeatable. The whole array would be passed down and file would be opened
instead before reading password and concatenated with it unless
--no-password was specified as well. If you have remaining questions feel
free to ask here or o
On Wed, 20 Nov 2013 08:36:40 +0100
Vladimir 'φ-coder/phcoder' Serbinenko wrote:
> On 20.11.2013 08:02, Glenn Washburn wrote:
> > On Wed, 20 Nov 2013 06:48:40 +0100
> > Vladimir 'φ-coder/phcoder' Serbinenko wrote:
> >
> >> On 20.11.2013 06:43, Glenn Washburn wrote:
> >>> Modifying the cipher tex
On Tue, 19 Nov 2013 22:42:27 -0800
Elliott Mitchell wrote:
> On Tue, Nov 19, 2013 at 11:43:12PM -0600, Glenn Washburn wrote:
> > On Tue, 19 Nov 2013 17:55:40 -0800
> > Elliott Mitchell wrote:
> >
> > > On Tue, Nov 19, 2013 at 07:31:35PM -0600, Glenn Washburn wrote:
> > > > I've had this setup e
On 20.11.2013 08:02, Glenn Washburn wrote:
> On Wed, 20 Nov 2013 06:48:40 +0100
> Vladimir 'φ-coder/phcoder' Serbinenko wrote:
>
>> On 20.11.2013 06:43, Glenn Washburn wrote:
>>> Modifying the cipher text just
>>> manifests as random data corruption of the plain text device, again
>>> not a secur
On Wed, 20 Nov 2013 06:48:40 +0100
Vladimir 'φ-coder/phcoder' Serbinenko wrote:
> On 20.11.2013 06:43, Glenn Washburn wrote:
> > Modifying the cipher text just
> > manifests as random data corruption of the plain text device, again
> > not a security issue and nothing that signatures would preven
On 20.11.2013 07:42, Elliott Mitchell wrote:
> On Tue, Nov 19, 2013 at 11:43:12PM -0600, Glenn Washburn wrote:
>> On Tue, 19 Nov 2013 17:55:40 -0800
>> Elliott Mitchell wrote:
>>
>>> On Tue, Nov 19, 2013 at 07:31:35PM -0600, Glenn Washburn wrote:
I've had this setup ever since grub had LUKS s
On Tue, Nov 19, 2013 at 11:43:12PM -0600, Glenn Washburn wrote:
> On Tue, 19 Nov 2013 17:55:40 -0800
> Elliott Mitchell wrote:
>
> > On Tue, Nov 19, 2013 at 07:31:35PM -0600, Glenn Washburn wrote:
> > > I've had this setup ever since grub had LUKS support, except for the
> > > signature checking.
On 20.11.2013 06:43, Glenn Washburn wrote:
> Modifying the cipher text just
> manifests as random data corruption of the plain text device, again not
> a security issue and nothing that signatures would prevent.
It's a security threat. Imagine you have somewhere a routine which
verifies SSH-key whe
On Tue, 19 Nov 2013 17:55:40 -0800
Elliott Mitchell wrote:
> On Tue, Nov 19, 2013 at 07:31:35PM -0600, Glenn Washburn wrote:
> > I've had this setup ever since grub had LUKS support, except for the
> > signature checking. I don't really see the point of checking
> > signatures if the kernel and
On Tue, Nov 19, 2013 at 07:31:35PM -0600, Glenn Washburn wrote:
> I've had this setup ever since grub had LUKS support, except for the
> signature checking. I don't really see the point of checking
> signatures if the kernel and initrd are encrypted.
You're setting yourself up for a *lot* of pain
On Wed, 20 Nov 2013 00:43:37 +0100
Ralf Ramsauer wrote:
> Hi,
>
> yesterday I realised that GRUB is already supporting LUKS and even
> simple DSA signature checking.
>
> I was thinking about the following setup:
> - fully encrypted harddisk (LUKS) (incl. rootfs).
> - no bootloader on hardd
Hi,
yesterday I realised that GRUB is already supporting LUKS and even
simple DSA signature checking.
I was thinking about the following setup:
- fully encrypted harddisk (LUKS) (incl. rootfs).
- no bootloader on harddisk
- kernel + initrd inside encrypted partition
- optionally: signatu