Mr. Vozeler, et alia:
It is particularly instructive that of the congress of users and clients
that I frequent with regularity, a notable number have begun to assert
instantiate Ubuntu installations. When queried as to what drove their
compunction to do so, in more than some several cases I received responses
not unlike: Why would I not try it? I get Linux with the "Apple Approach" of
"it just works".
Predicated upon a congress of users whom would exemplify such thought in
their choice for an OS alternative to Windows, or in order to provide a less
costly support driven alternative to other Linux based OS distributions, the
fact that they are driven by this modicum of thought does not and should not
otherwise limit their ability to choose to assert a posture whereby the disk
is fully encrypted from the moment installation reaches finalization.
Is there some reason why kernels could not be built on the fly during
the course of installation capable of supporting the mixture of options that
a user would otherwise build in when rolling their own kernel post install
time?
Additionally, the provisioning of multiple choice kernels onto the
distribution media would provide the user's a choice of options neither
impossible, nor unattractive in being able to engage loop-aes as a potential
encryption software.
However, I do believe the best choice for the future will be TrueCrypt
since it is planned to be supported on MacOS as well as what is already in
force with support for Linux and Windows (thought I do think loop-aes does
appear to be one of the best products available of its kind in the open
source market).
Very Respectfully Submitted,
Stuart B. Tener, IT3, USNR, N3GWG
Teners AT BH90210 DOTT COM
(310) 358-0202
Beverly Hills, CA / Las Vegas, NV / Washington, DC / Philadelphia, PA
On 5/4/07 6:42 PM, "Peter_22@xxxxxx" <Peter_22@xxxxxx> wrote:
> -------- Original-Nachricht --------
> Datum: Fri, 4 May 2007 00:23:17 +0200
> Von: Max Vozeler <max@xxxxxxxxxxxx>
> An: linux-crypto@xxxxxxxxxxxx
>
>>> No, we are far from a distro that asks for a memory stick to save
>>> your root gpg files on it. Very far.
>>
>> What makes you think so?
>
> What makes me so pessimistic about full disk encryption beginning with the
> installation? Well, first the fact that I had to struggle with every single
> SuSE distro since I started with 8.1. Two hours ago I had a (deeper) look at
> Kubuntu 7.04 amd64 regarding its loop-aes capabilities. It was embarrassing. I
> found your name several times when people asked where they may get the
> appropriate packages to build the loop module. As of today:
> - ubuntu lacks loop-aes (feisty)
> - debian (!) packages have to be used as interim solution to get it working
> somehow
> - the ubuntu 7.04 DVD starts a live system where rmmod loop fails
> - not even a successful build of the loop.ko can be verified from within the
> live system
>
> To avoid misunderstandings, I appreciate your engagement in debian and ubuntu!
> My words are not criticism but ubuntu isn´t much closer to loop-aes than SuSE.
>
> With regard to FULL disk encryption I have serious doubts if the majority of
> debian/ubuntu users want such deep interventions in the kernel configuration.
> Up to now I always had to build a special kernel to include vfat, usb, serial
> ata, native language support and the like. For this evening it looks like it
> will remain the same even with debian and ubuntu anyway. Nonetheless, ubuntu
> and SuSE are fine distros with installers that most people are able to use.
> What you build upon this basis remains up to you.
>
>> If they already handle e.g. loading of
>> pre-configuration from floppy or USB media, it may not be much work
>> to extend it for write access and generating/storing the keys.
>
> "USB media" invites me to explain why I am so crazy about this option. USB
> media are no bulky boxes! It is more like this:
> Dimensions: 15mm x 11mm x 1mm(L x W x D)
> http://sandisk.com/Products/ProductInfo.aspx?ID=1195
> And don´t forget, the cheap 128 MB version is already oversized.
--
Very Respectfully,
IT3 Stuart Blake Tener, USN
Beverly Hills, California
Amateur Radio Call Sign: N3GWG (Extra)
email: teners@xxxxxxxxxxx
phone: +(1) 310.358.0202 (Beverly Hills, CA)
phone: +(1) 215.338.6005 (Philadelphia, PA)
phone: +(1) 702.988.3989 (Las Vegas, NV)
E-Fax: +(1) 915.773.0935 (Telecopier)
Military emails (checked monthly until remote NMCI access is secured)
NIPRNET: stuart.tener@xxxxxxxx / tenerstu@xxxxxxx
SIPRNET: NONE
TS/SCI: tenerstu@xxxxxxxxxx (GWAN)
Confidentiality Notice: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and/or privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
