[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [ANNOUNCE] ROCKate Tor LiveCD V0.4.0.0



On 21.06.2007 14:03:14, coderman wrote:
> On 6/21/07, Benjamin Schieder <blindcoder@xxxxxxxxxxxxxxxxxxxx> wrote:
> >Since running `dmsetup table' still gives the required line to decrypt the
> >block device and LiveCDs generally do not have a secure `root' account,
> >running `dmsetup remove my_tor_home' after mount should be obvious.
> 
> what about saving changes later?  require re-auth and remount?

The mount will stay (and appear as /dev/mapper/my_tor_home on /home). It's
just the /dev/mapper_my_tor_home device and entry in `dmsetup table' that
will vanish.

> >> key scrubbing and robust key schedule (less data is encrypted per key
> >> than the others) for loop-aes multi-v3 may provide a useful benefit
> >> depending on your needs...
> >
> >The need is a Tor LiveCD.
> 
> intended usage and environment is a better description.  if the LiveCD
> is used for a client only, no long term identity keys stored, than any
> of the above should be fine.  (this sounds like what you envision near
> term).

That's the one. I don't intend to have a Tor server LiveCD.

> 0. pre-boot auth:
> i like to use a small initrd to do this with a kernel configured
> without networking and other unnecessary device support.  pivot_root,
> kexec, and exec init work well in this context...

The good thing is: The ROCK Linux initrd already supports exactly that.
It's how I set up my root-on-raid and encrypted-home-on-raid before
booting the system.


Greetings,
	Benjamin
-- 
The Nethack IdleRPG! Idle to your favorite Nethack messages!
http://pallas.crash-override.net/nethackidle/

Attachment: pgplsluZjeP0X.pgp
Description: PGP signature