Creating an encrypted directory during the server installation

Kienan Stewart kienan.stewart at gmail.com
Thu Sep 25 03:28:25 UTC 2008


Hi

I was looking at the Wikipedia article on /dev/random and /dev/urandom,
having previously not used them. The article linked to a paper that analyzed
the cryptographic procedures of /dev/random and /dev/urandom in Linux.
The main thing that I took out of the paper and the Wikipedia article was that
there was a small concern about the lack of entropy available in /dev/random
during installs and on live CDs. If keys are generated right after a
reboot, they may not be sufficiently random. I'm not sure, but this could be
a thing to consider if keys are going to be generated early in the install
procedure. Would anyone else consider this a concern?

P.S. Sorry if I sent this to someone twice, Gmail only replies to the last
writer and not the list. My apologies.

>
> On Tue, Sep 23, 2008 at 3:48 PM, Onno Benschop <onno at itmaze.com.au> wrote:
>
>> On 24/09/08 01:43, Dustin Kirkland wrote:
>> > That said, let me throw out another perhaps more controversial
>> > option...  What if we didn't ask, and we just provided ~/Private
>> > encrypted by default?  If unspecified, the mount passphrase is
>> > randomly generated from 128 bits of /dev/urandom.  We can do that
>> > completely entirely and reliably without adding a screen to the
>> > installer, and provide the system administrator user a secure,
>> > encrypted location to drop critical data by default on any Ubuntu
>> > Server
>> When I saw the previous posts come past I wondered if this wasn't a
>> better option. Leading by example.
>>
>> I'm not familiar with how it's created, but could it be "built-in" as
>> you suggest and be created when an account is made as part of the
>> adduser process?
>>
>> Could the (initial) pass-phrase be the user's login password?
>>
>>
>> --
>> Onno Benschop
>>
>> Connected via Optus B3 at S31°54'06" - E115°50'39" (Yokine, WA)
>> --
>> ()/)/)()        ..ASCII for Onno..
>> |>>?            ..EBCDIC for Onno..
>> --- -. -. ---   ..Morse for Onno..
>>
>> ITmaze   -   ABN: 56 178 057 063   -  ph: 04 1219 8888   -
>> onno at itmaze.com.au
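Added example, not part of the original thread or of any Ubuntu installer code: one way to generate the 128-bit mount passphrase discussed above while refusing to proceed until the kernel random pool has been seeded. It relies on the getrandom() system call (Linux 3.17 and later, which postdates this thread); the function names, the retry parameters and the injectable `source` argument are assumptions made for the example.

```python
import os
import time

PASSPHRASE_BITS = 128  # size proposed in the quoted message


class EntropyNotReady(RuntimeError):
    """The kernel CSPRNG has not been seeded yet."""


def kernel_random(nbytes):
    # GRND_NONBLOCK makes getrandom() fail with EAGAIN (BlockingIOError in
    # Python) instead of blocking while the pool is still uninitialized.
    return os.getrandom(nbytes, os.GRND_NONBLOCK)


def generate_mount_passphrase(source=kernel_random, bits=PASSPHRASE_BITS,
                              retries=30, delay=1.0):
    """Return a hex passphrase, or raise EntropyNotReady after `retries` tries.

    `source`, `retries` and `delay` are hypothetical knobs for this example.
    """
    nbytes = bits // 8
    for attempt in range(retries):
        try:
            raw = source(nbytes)
        except BlockingIOError:
            # Pool not seeded: give the installer time to collect entropy
            time.sleep(delay)
            continue
        if len(raw) != nbytes:
            raise EntropyNotReady("short read from kernel RNG")
        return raw.hex()
    raise EntropyNotReady(f"kernel RNG not seeded after {retries} attempts")


if __name__ == "__main__":
    print(generate_mount_passphrase())
```

A plain read of /dev/urandom never reports the unseeded state, which is why the example uses the non-blocking getrandom() call and treats its failure as a reason to wait or abort.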