Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 22 Sep 2014, 04:18
All times are UTC - 4
 Forum index » Advanced Topics » Cutting edge » Multi-session live-CD/DVD
Encrypted multi-session?
Moderators: Flash, Ian, JohnMurga
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count  
Author Message
Mazzo

Joined: 19 Jul 2005
Posts: 26
Location: UK - Thames Valley

PostPosted: Mon 25 Jul 2005, 19:47    Post_subject:  Encrypted multi-session?  

Hi all.

Is it possible to set the multisession CD so that it uses an encrypted file system?

I managed this on my USB stick and it worked fine (obviously for pup001). Now with the CD I would like to have some degree of privacy in case I lose it somewhere, so any files burned onto the CD are secure.

How can it be done, if at all?

Thanks
Back to top
View user's profile Send_private_message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Mon 25 Jul 2005, 23:44    Post_subject:  

you can encrypt sensitive data with bcrypt
from the prompt
Code:

bcrypt (name of file)


and then decrypt

Code:
bcrypt (new encrypted file with .bfe extension)


Maybe some smart cooky could make a batch file to encrypt the days files
and then decrypt at the start of the session . . .

Quote:
# bcrypt
Usage is: bcrypt -[orc][-sN] file1 file2..
-o Write output to standard out
-r Do NOT remove input files after processing
-c Do NOT compress files before encryption
-sN How many times to overwrite input files with random data

_________________
Puppy WIKI
Back to top
View user's profile Send_private_message Visit_website 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11069
Location: Arizona USA

PostPosted: Tue 26 Jul 2005, 00:15    Post_subject:  

That's a good point. At present, theoretically, anyone can read anything on your CD.

After giving it about 30 seconds of thought, here's what I came up with: an encryption program, perhaps a DotPup, would be used encrypt files on a file-by-file basis before they were saved to the CD. It would be unnecessary, and probably difficult, to encrypt the entire contents of the CD. An encryption program which encrypts only individual files as required would be easier to make and to use.

You'd have to know to start the decryption program and enter the password first or all you'd see when you clicked on the encrypted file would be garbage.

Perhaps the scheme could include the ability to prompt you to encrypt a plain language file before saving it.

Such an encryption scheme wouldn't be 'transparent' (automatic or always operating in the background) but it would be easy to use and would serve the purpose.

Naturally, if you forgot the password you'd lose everything you'd encrypted.

Edit: I see Lobster beat me to it. Smile

Lobster, how is the password or encryption key given to bcrypt?
Back to top
View user's profile Send_private_message 
Mazzo

Joined: 19 Jul 2005
Posts: 26
Location: UK - Thames Valley

PostPosted: Tue 26 Jul 2005, 05:17    Post_subject:  

Thanks - looks like it might be something that we could build in for the future.

I always liked the idea of my USB Puppy being safe to lug around and not get too bothered if I lost it. This would be great if the same were true for multi-session.

I like the idea of encrypting the saved files when puppy does a session save. This sounds the simplest solution.

I will start playing around, but I'm not a guru by any means, so will bow to others superior ability (and ideas)!
Back to top
View user's profile Send_private_message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Thu 28 Jul 2005, 11:35    Post_subject:  

Flash wrote:

Lobster, how is the password or encryption key given to bcrypt?


When you from rxvt type

Code:
bcrypt test.txt

it prompts for a password (and then again to confirm)

this creates test.txt.bfe

when you type

Code:
bcrypt test.txt.bfe

it asks for your password
decrypts the file back to test.txt
and deletes test.txt.bfe

try it . . .

_________________
Puppy WIKI
Back to top
View user's profile Send_private_message Visit_website 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11069
Location: Arizona USA

PostPosted: Thu 28 Jul 2005, 16:50    Post_subject:  

Thanks, I will - when I figure out how to get multisession Puppy to work. Confused
Back to top
View user's profile Send_private_message 
Mazzo

Joined: 19 Jul 2005
Posts: 26
Location: UK - Thames Valley

PostPosted: Sun 07 Aug 2005, 16:41    Post_subject:  

Flash

Thanks for having a go at this.

For me there are a couple of questions:
1. Is it better to bcrypt the iso or the files themselves?
2. When reading the sequentially the backups, is there a way to only input the password once?

I guess if you have different passwords for different increments, it would allow you to load or not load certain backups.

I am also toying with encrypted volumes. Not had any success in puppy yet (have on ubuntu and fedora) but there must be a way through the loopback as you used to be able to encrypt pup001. This would allow you to create a volume on another pc and then simply burn the encrypted volume to the multisession disk (- theoretically giving me all my normal PC's files in a secure lump). This is obviously static and cannot be written to, but it would still be useful. Both would be excellent.

These are two different things but with a similar purpose.
Back to top
View user's profile Send_private_message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11069
Location: Arizona USA

PostPosted: Sun 07 Aug 2005, 17:04    Post_subject:  

Mazzo wrote:
Flash

Thanks for having a go at this.
Well, Lobster is the one who answered your question. All I did was shoot my mouth off. Smile

Quote:
For me there are a couple of questions:
1. Is it better to bcrypt the iso or the files themselves?
I don't see how the iso could be encrypted, practically speaking, since decrypting it would require a program running within an OS of some kind. Anyway, why encrypt the OS? It's already available for anyone to download. Just encrypt the files you don't want anyone else to see. If you lose the CD, all anyone can see without the password is a bunch of garbage if they click on the encrypted file. If nothing prompts for a password, and the file extension doesn't give it away, the thief might not even realize that the garbage was an encrypted file.
Quote:
2. When reading the sequentially the backups, is there a way to only input the password once?
I'm not familiar with bcrypt. You'll have to try it and see. Smile
Back to top
View user's profile Send_private_message 
Guest
Guest


PostPosted: Sun 07 Aug 2005, 18:24    Post_subject:  

Hi again

I meant the incremental iso. The files are written using mkisofs, then that is copied onto the CD.

There is no need to do anything with the puppy iso. If they can't give the password for the increments, then they would get a raw system with no private data.

I have played around with bcrypt. Seems to work well. I just have a problem with working out the order of what to encrypt.

Also, does anyone know what system puppy uses to encrypt pup001?
Back to top
Mazzo

Joined: 19 Jul 2005
Posts: 26
Location: UK - Thames Valley

PostPosted: Sun 07 Aug 2005, 19:48    Post_subject:  

Ooops! Thought I was logged in. The above is from me.
Back to top
View user's profile Send_private_message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11069
Location: Arizona USA

PostPosted: Sun 07 Aug 2005, 20:43    Post_subject:  

Mazzo wrote:

Hi again

There is no need to do anything with the puppy iso. If they can't give the password for the increments, then they would get a raw system with no private data.

Maybe that's why multisession Puppy never worked for me. Do you mean ms Puppy encrypts the pup001 file by default? If so I missed it asking me for a password when I shut it down for the first time and that's why it doesn't boot with the saved data.
Back to top
View user's profile Send_private_message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Sun 07 Aug 2005, 22:00    Post_subject:  

another possibility that may suit is using the tinylogin program (have not used it) but it should be in the help section (start /help) on the Puppy menu
_________________
Puppy WIKI
Back to top
View user's profile Send_private_message Visit_website 
Mazzo

Joined: 19 Jul 2005
Posts: 26
Location: UK - Thames Valley

PostPosted: Mon 08 Aug 2005, 09:58    Post_subject:  

Flash wrote:



Maybe that's why multisession Puppy never worked for me. Do you mean ms Puppy encrypts the pup001 file by default? If so I missed it asking me for a password when I shut it down for the first time and that's why it doesn't boot with the saved data.


No. It doesn't on multisession, just on the usb or hard drive version.

Lobster - haven't looked at tinylogin but will do so now. That might be the way to go with a completely encrypted disk - which is not ideal in my view.

The easiest way would be to encrypt the incrementals.

Barry, if you read this, can you let me know what you used on the usb versions of pup001 to encrypt them?

Thanks
Back to top
View user's profile Send_private_message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11069
Location: Arizona USA

PostPosted: Wed 10 Aug 2005, 15:19    Post_subject:  

Here ya go.
Back to top
View user's profile Send_private_message 
Mazzo

Joined: 19 Jul 2005
Posts: 26
Location: UK - Thames Valley

PostPosted: Wed 17 Aug 2005, 17:54    Post_subject:  

Still not getting far.

Flash, you linked me to my other post!

I have ideas, but I'm really struggling. If someone could work with me who is better at scripting than me, we could possibly move it forward.

I think that the way to do it is this:
1. All the identified changed files (as per the shutdown-script in rc.reboot-cd) could be tar 'd into a single file (perhaps named in the same way using the date and time system that the normal incremental back-ups use).
2. That file could then be bcrypted
3. and finally the encrypted file sent to mkisofs and burned to CD.


4. On start-up, the script would need to try to read either unencrypted folders (the usual back-up files) and any bcrypted files (or even both).

The bcrypted files would need to be decrypted into ram and then the resultant tar'd file, untarred.

I can see the process, but I'm lacking the ability to get it to work.

Hopefully someone out there will have the ability....... Idea

I know this isn't really solid security - on line you are vulnerable, if it uses swap, or even if you leave it on and go off for a coffee it isn't safe, but it would solve the problem of leaving it on the bus and having all your emails and files readable by anyone who finds it.
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Advanced Topics » Cutting edge » Multi-session live-CD/DVD
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0834s ][ Queries: 12 (0.0049s) ][ GZIP on ]