[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Installed Secure [was Re: Trying to set up root encryption with loop-AES on SuSE 9.1]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday 26 July 2004 11:37 pm, Christian wrote:
> BTW, does someone understand why no flavor of UNIX I'm aware of and no
> Linux distribution offers integrated root encryption?
There is no such thing as point and click root encryption on Linux yet. We
have started offering Installed Secure laptops, servers etc. with Loop-AES
encryption with Gentoo, SuSE, Mandrake and Debian.
We follow good installation procedures, use firewalls, disable all but needed
services, use qmail and any keys we generate remain only on the customers
computers/USB keys. We plan to provide detailed information on a wiki (if you
need more information than Jari's comprehensive Readme) for anyone wanting to
do it themselves - which is the best way, you don't have to trust a third
party (other than the code). We also sell hardware without operating
systems.
We are also offering UML hosting with Loop-AES encrypted data partition (on a
file backed virtual disk). Customers can generate their own keys and move
them in and out via ssh. Our site runs in such an UML instance.
Laptops: http://www.rayservers.com/catalog/index.php?cPath=21
UML Hosting: http://www.rayservers.com/catalog/index.php?cPath=28
We hope to grow rapidly and are adding product to our site as fast as we can.
Jari, many thanks for your excellent work and I hope that the mainline
cryptoloop is eventually replaced with Loop-AES. I have tried many
combinations including file backed containers inside an encrypted partition
without problems (despite seeing your warnings about file backed containers).
Speaking of which, it would be great if pam_mount and loop-aes could be used
together in multi-key mode. Single key mode with openssl encrypted random
keys using the login password for automatically mounted file backed
containers works well. If either pam_mount would support pgp based multi-key
mode or losetup could be used with -p0 and multi-key input, this would be
excellent.
rayServers is committed to supporting open source, we have already offered
help to the Gentoo project. Jari, I have seen in the archives that you refuse
any contributions, but one of the projects that I would like to see become
mainstream is loop-aes. Let me know if I can help in any way.
Customers can purchase Installed Secure products with good privacy when
shipped to a US based address - we accept many "digital currencies" that
offer excellent privacy (unlike credit cards) such as pecunix.com 1mdc.com
e-gold.com netpay.tv evocash.com etc. We only need a name and shipping
address for such orders. UML hosting can be practically anonymous except for
an email address. We prefer not to handle your personal information and you
can contact us securely using PGP/GnuPG as well as several web based secure
email options linked in the footer of our site. See our site for more details
including an Export FAQ.
Best regards,
- ---Venkat.
- ---------------------------------------------------------------------------------------
Venkat Manakkal
venkat_AT_rayservers.com https://www.rayservers.com/keys/0x12430522.asc
+1-607-546-7300 http://www.rayservers.com/ Computers. Installed Secure.
- ---------------------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFBBqSwWdkW/RJDBSIRAg+gAJ4yFE+wLHx73QK1cRFT+exPaA+MzwCguujo
YCNCWFbZkWos3hmmXkYKVI0=
=x1lU
-----END PGP SIGNATURE-----
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/