Re Re: Ubuntu ISO Testing team: New build > notification-why encryption support is needed

[Luke Kuhn]

That's ugly, and means where security is a concern people having to install from Flash drives may have to dd the drive full of random numbers and remake the installer from the .iso image after installation. We need to make ABSOLUTELY SURE that when the installer is used to create an encrypted partition, or to open an existing encrypted partition, that there is no danger of the passphrase or the LUKS hardware key getting stored somewhere. The only way that would happen on purpose would be deliberate sabotage by someone working for some nation's security services and working on the project, so the code should be vetted by at least two people in countries that do not cooperate with oneanother on "security" matters. Mostly accidental stroage would be looked for, say in something other than a ramdisk used for temporary storage. 
This would be an issue for Ubuntu as a whole, not for Ubuntustudio or any other derivative unless that part of the installer is changed or someone creates a security-focussed distro. Going to a 750MB installer image for default Ubuntu will certainly complicate that, for Ubuntustudio it's always been a DVD/flash requiring image anyway.
Until this is proven safe I suggest installing from DVD's-or from camera cards in card readers with the write-protect slide set to read-only.

> Date: Tue, 29 Nov 2011 20:34:19 -0800
> From: "Len Ovens" <len at ovenwerks.net>
> To: "Ubuntu Studio Development & Technical Discussion"
> 	<ubuntu-studio-devel at lists.ubuntu.com>
> Subject: Re: RE Re: Ubuntu ISO Testing team: New build
> 	notification-why	encryption support is needed
> Message-ID:
> 	<1ecacbb7895b4c75d95d1a040a0ec561.squirrel at www.ovenwerks.net>
> Content-Type: text/plain;charset=iso-8859-1

<snip>

> There seems to be some info stored from boot to boot on the install disk
> if it is writeable. The second time I don't get asked as many keyboard
> questions.
> 
> -- 
> Len Ovens
> www.OvenWerks.net
> 
> 
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-studio-devel/attachments/20111130/de4608e5/attachment.html>