[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Encrypted root with loop-aes on a server?

To: linux-crypto@xxxxxxxxxxxx
Subject: Re: Encrypted root with loop-aes on a server?
From: Venkat Manakkal <venkat@xxxxxxxxxxxxxx>
Date: Wed, 27 Oct 2004 08:29:20 -0400
In-reply-to: <417EC311.5060708@g-house.de>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <linux-crypto.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
References: <1317589028.20041026211136@staron.de> <417EC311.5060708@g-house.de>
Sender: linux-crypto-bounce@xxxxxxxxxxxx
User-agent: KMail/1.6.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 26 October 2004 05:35 pm, Christian Kujau wrote:

> what's the point in encrypting the root partition anyway? i know, this

The point is someone at the data center cannot unplug the thing, pop the hard 
drives out and then return them two days later after making a mirror of the 
thing like they did with the Indymedia servers that were stolen from 
rackspace. See http://uk.indymedia.org/ if you have not heard.
 
At least when you get it back you only have to recreate your boot partition 
from a trusted backup and trust the server again. Or let some judicial review 
and due process take place before handing over the keys (if you have a choice 
and are not in some gulag as is so common with our _in_justice system these 
days). Also, if only the client had the keys, then it would leave the ISP out 
of the loop. And again, it would be possible to create a server with 
ephemeral keys so that the data and the server is completely lost if powered 
down. 

I have not had time to work out this configuration with ssh yet. I think a 
better solution is to offer remote console access via blade servers for 
example, so that the client can have full control of the entire process 
remotely and be completely responsible for the server at all times. Anyone on 
this list interested in such a dedicated server solution? (In other words can 
I get some 10 interested people so that it becomes a business proposition?)

Best regards,

- ---Venkat.

- ----------------------------------------------------------------------------
Venkat Manakkal                       
venkat_AT_rayservers.com GPG: https://www.rayservers.com/keys/0x12430522.asc
GPG: 0x12430522/4856 01AB F8BA E0EB F128 A57F 59D9 16FD 1243 0522
+1-607-546-7300 http://www.rayservers.com/ Computers. Installed Secure.
- ----------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBf5SgWdkW/RJDBSIRAm63AKDnywaBzmiVS0m9oPEAgcLtPKZLXACeKNZ7
/Ez2IL2ryELsK/+OVsVGqaI=
=bBvb
-----END PGP SIGNATURE-----

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

References:
- Encrypted root with loop-aes on a server?
  - From: Bodo Staron
- Re: Encrypted root with loop-aes on a server?
  - From: Christian Kujau

Prev by Date: Re: Encrypted root with loop-aes on a server?
Next by Date: Re: [newbie] overviewing the chaos
Previous by thread: Re: Encrypted root with loop-aes on a server?
Next by thread: loop-AES: struct module not found - kernel tainted
Index(es):
- Date
- Thread