[148078] in cryptography@c2.net mail archive


Re: [Cryptography] CD bootable Linux (was randomness +- entropy)

daemon@ATHENA.MIT.EDU (Johnathan Corgan)
Thu Nov 7 15:54:31 2013

X-Original-To: cryptography@metzdowd.com
Date: Thu, 07 Nov 2013 12:42:05 -0800
From: Johnathan Corgan <johnathan@corganlabs.com>
To: Thierry Moreau <thierry.moreau@connotech.com>, 
	Jerry Leichter <leichter@lrw.com>
In-Reply-To: <527BA9A2.1030404@connotech.com>
Cc: Cryptography <cryptography@metzdowd.com>,
	John Kelsey <crypto.jmk@gmail.com>, Watson Ladd <watsonbladd@gmail.com>,
	RNG mlist <rng@lists.bitrot.info>, John Denker <jsd@av8n.com>,
	Theodore Ts'o <tytso@mit.edu>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 11/07/2013 06:54 AM, Thierry Moreau wrote:

> I would definitely like to see some distribution of required tools and
> scripts for creating a CD bootable Linux with an emphasis on security
> considerations. Obviously, e.g. from this long discussion, the true RNG
> source would remain an "area for further study."

This is only marginally related, but I recently published a set of
scripts to more easily create bootable DVDs with "full disk encryption":

https://github.com/jmcorgan/cryptubuntu

It basically automates the process of starting with an existing Ubuntu
ISO image, unpacking the ISO filesystem, the initrd, and the root
filesystem, making changes, then repacking everything with the option to
turn the compressed root filesystem into a LUKS volume.

At boot time, the passphrase is queried and the root filesystem is
mounted with both on-the-fly decompression and decryption.

The original use case for this was to enable distribution of business
confidential work product to my clients in a cheap, archivable format
without worry if it gets lost.

However, the use cases are many; it makes a nice Bitcoin cold storage
solution to have the OS and bitcoin (deterministic, SPV) wallet software
along with the bitcoin private keys, stored on encrypted, low-cost,
read-only media.

-- 
Johnathan Corgan, Corgan Labs
SDR Training and Development Services
http://corganlabs.com


