newbie | 7 Jun 2004 18:57

Noob asks: Encrypted Root filesystem with CGD?

hello,

I'm a total crypto and *BSD newbie and this question may sound stupid.
However, maybe some of you find the time to answer.

Is it possible to encrypt the root filesystem with the Cryptographic Disk
Driver under NetBSD?
All I could find is that it is possible to encrypt the SWAP.
http://www.netbsd.org/guide/en/chap-cgd.html
As far as I understood, CGD is similar to the Linux loopback device, main
difference seems to be that it uses a native disk or partition as a backing
store.

Thx for your help.

best wishes, Richard

Manuel Bouyer | 7 Jun 2004 23:49

Re: Noob asks: Encrypted Root filesystem with CGD?

On Mon, Jun 07, 2004 at 06:57:26PM +0200, newbie wrote:
> hello,
> 
> I'm a total crypto and *BSD newbie and this question may sound stupid.
> However, maybe some of you find the time to answer.
> 
> Is it possible to encrypt the root filesystem with the Cryptographic Disk
> Driver under NetBSD?

No, because there is no way to configure the device, and enter the passphrase
if root isn't mounted. Code needs to be written for that.

-- 
Manuel Bouyer <bouyer <at> antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
--

newbie | 8 Jun 2004 03:05

Re: Noob asks: Encrypted Root filesystem with CGD?


----- Original Message ----- 
From: "Manuel Bouyer" <bouyer <at> antioche.eu.org>
To: "newbie" <tacron <at> gmx.net>
Cc: <tech-crypto <at> NetBSD.org>
Sent: Monday, June 07, 2004 11:49 PM
Subject: Re: Noob asks: Encrypted Root filesystem with CGD?

> On Mon, Jun 07, 2004 at 06:57:26PM +0200, newbie wrote:
> > hello,
> >
> > I'm a total crypto and *BSD newbie and this question may sound stupid.
> > However, maybe some of you find the time to answer.
> >
> > Is it possible to encrypt the root filesystem with the Cryptographic Disk
> > Driver under NetBSD?
>
> No, because there is no way to configure the device, and enter the passphrase
> if root isn't mounted. Code needs to be written for that.
>
> -- 
> Manuel Bouyer <bouyer <at> antioche.eu.org>
>      NetBSD: 26 years of experience will always make the difference
> --
>

Thx for the information :)


Matthias Drochner | 16 Jun 2004 15:58

RAND_file fallback to /dev/urandom


I liked the fact that /dev/urandom was used as random seed file
if ~/.rnd is not present. This got lost when OpenSSL 0.9.7d
was imported.
The appended patch restores this behaviour.
Is it OK to commit, or are there general concerns about
such a fallback?

best regards
Matthias

--- randfile.c.~1.9.~	Mon Mar 22 16:08:26 2004
+++ randfile.c	Wed Jun 16 16:42:18 2004
 <at>  <at>  -227,7 +227,7  <at>  <at>  const char *RAND_file_name(char *buf, si
 	{
 	char *s=NULL;
 	int ok = 0;
-#ifdef __OpenBSD__
+#if defined(__OpenBSD__) || defined(__NetBSD__)
 	struct stat sb;
 #endif

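Review bot: The declaration `struct stat sb;` at the top of RAND_file_name is now compiled on NetBSD too, but this hunk does not show where <sys/stat.h> is included. If that include has its own `#ifdef __OpenBSD__` guard, it needs the same `defined(__OpenBSD__) || defined(__NetBSD__)` condition, otherwise the NetBSD build fails on an incomplete type. Since the test is no longer a single macro, please also repeat the condition as a comment on the closing `#endif`.
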
 <at>  <at>  -261,20 +261,25  <at>  <at>  const char *RAND_file_name(char *buf, si
 		  	buf[0] = '\0'; /* no file name */
 		}

+#if defined(__OpenBSD__) || defined(__NetBSD__)
 #ifdef __OpenBSD__
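
Review bot: The added `#if defined(__OpenBSD__) || defined(__NetBSD__)` sits directly above the existing `#ifdef __OpenBSD__`, so a reader has to match two `#endif` lines to see which code runs on NetBSD. Please annotate each closing `#endif` with its condition. A short comment at the outer `#if` would also help, saying that this is the /dev/urandom fallback for the case just above where no file name could be built (`buf[0] = '\0'`), and what is checked before the device path is returned.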