Berkeley CSUA MOTD:Entry 28837

2003/6/25-26 [Computer/SW/Security] UID:28837 Activity:high
6/25    Does anyone have any day-to-day experience with encrypting
        many (O(100s of MBs)) of files on their hard drives?  For
        instance, if you have a laptop with all of your electronic
        bank statements/etc on it, and wanted to encrypt these with
        a key that you have on a compact flash or something similar?
        I know it is doable, but I'm wondering if it is in a way that
        is still usable?
        \_ why not use an encrypting file system...
                \_ MS EFS has some highly annoying problems, like making it
                   really easy to accidentally generate new keys (which are
                   not backed up easily.)  Look at CFS under FreeBSD.  -John
           \_ The critical point would still be key management, right?
              You don't want to have the key on the machine if it
              gets stolen, but you still want fairly normal access to
              the files...  Put it on a "secret" web page so that you
              can download it to use?  Or on compact flash?  Does
              anyone do this kind of thing?
           \_ but that would be cheating.
           \_ is there any free/open source encrypted file system?
              \_ pffft.  You might as well just format the drive now.
           \_ Abe's Linux Encrypted Filesystem howto:
              http://www.abeowitz.com/crypto
              Also I've seen similar stuff with windows that uses a
              vxd to add encrypted filesystem support and mounts an
              encrypted block file.
              \_ no relation. -abe
        \_ Just tell your g/f that you look at porn. Stop trying to hide
           it from her.

Cache (2481 bytes)
www.abeowitz.com/crypto -> www.abeowitz.com/crypto/
Last Update: 2/20/2003

What is an Encrypted File System?

It is mathematically difficult to decrypt the data in this form, and therefore useless to most people without a password and knowledge of the encryption algorithm. This allows the media storage structure and file names to be seen, while hiding the contents within each file. Each file may be encrypted with a different password and/or algorithm. Given sufficient computing power, I believe all algorithms are crackable. The difference is in the amount of computing power and time the cracker has available to him. In most cases, your data is safe from the average computer geek. In other words, file system encryption is only effective when your data is not mounted.

Losetup

    /sbin/losetup /dev/loop0 test -e blowfish
    Available keysizes (bits): 128 160 192 256
    Keysize: 256
    Password:

OK, now you have your virtual device. All your data will go through the loop0 device, get encrypted and stored within the file.

Formatting

Next we need to place a filesystem on that loop device.

Note 2: Use '-b 2048' if you plan to make a CDROM image. Follow the directions for the test above EXCEPT when you make the file system, use a '-b 2048'.

Note: Do NOT use EXT3, you don't need a journal for read only file systems, it will only take up space. For example:

    mke2fs /dev/loop0 -b 2048

The block size of 2048 is necessary since the CDROM block size is 2048. Otherwise, you will see a file directory, but the file data will be offset and thus corrupted.

Burn the CD

Nothing special here:

    cdrecord dev=0,0,0 speed=12 -v test

Using the CD

1.

Note: It is best to experiment with a CDRW and a SMALL file first.

Encrypt a Block Device or Partition

You can encrypt almost any block storage device, including Zip drives, floppy disks and whole hard drives or individual partitions.

Note: dd from urandom to the device before you connect it to a loop device.

Modifying your /etc/fstab

One of my encrypted file system lines looks like this:

    /dev/hdd /mnt/ezip ext3 encryption=blowfish,user,noauto,rw,loop 0 0

Note that I can add this line for non encrypted zip disks:

    /dev/hdd /mnt/zip ext3 user,noauto,rw,loop 0 0

When I type 'mount /mnt/zip', I mount the non-encrypted zip disk. Note that with the encrypted devices in your fstab file, you no longer need to use losetup!

If EXT2FS formats based on the geometry of the disk, couldn't this information be used to brute force attack the encryption based on the file size and location of the inodes?
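
The howto's note to dd from urandom onto the device before attaching it to a loop device exists because never-written zero blocks stand out against ciphertext and show how much of the container is in use. The following is an added example, not code from the howto: it scans a backing file for blocks that do not look random, and the block size, threshold, function names and the constructed sample are assumptions.

```python
import io
import math
import os
from collections import Counter

BLOCK = 4096       # scan granularity in bytes (assumption, not from the howto)
THRESHOLD = 7.0    # bits/byte; 4 KiB of random data measures about 7.95

def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def low_entropy_offsets(stream, block=BLOCK, threshold=THRESHOLD):
    """Return byte offsets of full blocks that do not look like random data."""
    flagged, offset = [], 0
    while True:
        chunk = stream.read(block)
        if len(chunk) < block:      # end of data; ignore a trailing partial block
            return flagged
        if entropy(chunk) < threshold:
            flagged.append(offset)
        offset += block

def sample_backing_file(prefilled: bool, blocks=16, written=(0, 1, 5)) -> bytes:
    """Constructed sample: a backing store in which only the `written` blocks
    hold ciphertext (stood in for by os.urandom). The remaining blocks are
    zeros, or random data when the pre-fill step was done."""
    out = bytearray()
    for i in range(blocks):
        if i in written or prefilled:
            out += os.urandom(BLOCK)
        else:
            out += bytes(BLOCK)
    return bytes(out)

def exposed_fraction(image: bytes) -> float:
    """Fraction of the image an observer can identify as never written."""
    return len(low_entropy_offsets(io.BytesIO(image))) * BLOCK / len(image)

if __name__ == "__main__":
    for prefilled in (False, True):
        frac = exposed_fraction(sample_backing_file(prefilled))
        print(f"prefilled={prefilled}: {frac:.0%} of blocks identifiable as unused")
```

To check a real container, pass the backing file or partition opened in binary mode to low_entropy_offsets, not the loop device, which presents the decrypted view.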