|
ecryptfs is nice, but a bit fiddly to start with if you do everything manually. pretty smooth sailing after the initial setup though. in other news: woop linux 4.17
|
#
?
Jun 4, 2018 21:40
|
|
|
|
| # ? Apr 26, 2024 00:42 |
|
|
quote:full in-kernel TLS protocol support 
|
|
#
?
Jun 4, 2018 22:06
|
|
|
el dorito posted:having it in the kernel makes it much, much, much easier to plan and implement a true hardware accelerated implementation. quoting myself also, imagine using sendfile as a true zero copy implementation, it would be sweet
|
|
#
?
Jun 4, 2018 23:49
|
|
|
el dorito posted:two things about ecryptfs to know good to know, thanks i do btrfs snapshot synchronization from my laptop to a home server, with snapshots taken during the initrd startup procedure, and i do not need those backups to be encrypted too but i am okay with that, just want to make sure i can read those backups if necessary have not taken the plunge in encrypting my whole home directory, will want to test a lot of disaster recovery before doing that, for now im happy with .thunderbird, .config/Signal, and .ssh being encrypted
|
|
#
?
Jun 5, 2018 00:11
|
|
|
sendfile()/splice()/etc. down TLS sockets
|
|
#
?
Jun 5, 2018 00:33
|
|
|
im litereally running linux on a goddamn desktop
|
|
#
?
Jun 5, 2018 00:34
|
|
|
el dorito posted:ubuntu is, for whatever reason, removing ecryptfs from the default install what is the point of ecryptfs vs just encrypting the entire disk
|
|
#
?
Jun 5, 2018 00:53
|
|
|
I do both. I like having multiple levels of encryption. I agree that having just ecryptfs is not really helpful unless you really want a relatively user friendly solution that can still ensure security between users (to an extent, since if the user session does not log out, then the data is still viewable) sb hermit fucked around with this message at 01:34 on Jun 5, 2018 |
|
#
?
Jun 5, 2018 01:31
|
|
|
this guy needs a suspicious amount of encryption
|
|
#
?
Jun 5, 2018 02:07
|
|
|
just use fde
|
|
#
?
Jun 5, 2018 02:26
|
|
|
Sapozhnik posted:just use freenet
|
|
#
?
Jun 5, 2018 04:02
|
|
|
my bitter bi rival posted:im litereally running linux on a goddamn desktop hosed up if true
|
|
#
?
Jun 5, 2018 04:40
|
|
|
pram posted:this guy needs a suspicious amount of encryption
|
|
#
?
Jun 5, 2018 04:56
|
|
|
normal operating systems made by professionals do full disk and per-file encryption simultaneously they even do cool things like use asymmetric encryption for files created when the computer is locked and then transparently convert them to symmetric encryption the next time the user unlocks it
|
|
#
?
Jun 5, 2018 06:04
|
|
|
pseudorandom name posted:normal operating systems made by professionals do full disk and per-file encryption simultaneously nope the normal operating system used by professionals is linux, and that is not a necessary condition of either known use cases nor posix apis
|
|
#
?
Jun 5, 2018 06:14
|
|
|
Notorious b.s.d. posted:what is the point of ecryptfs vs just encrypting the entire disk fde is overkill if you only care about encrypting a folder or two
|
|
#
?
Jun 5, 2018 09:03
|
|
|
enjoy having unencrypted bits and pieces of poo poo you’d prefer to be encrypted scattered around and impossible to zero out/scramble thanks to SSD wear leveling you can never let bits touch the substrate if you want them to remain secure
|
|
#
?
Jun 5, 2018 09:26
|
|
|
eschaton posted:enjoy having unencrypted bits and pieces of poo poo you’d prefer to be encrypted scattered around bullshit
|
|
#
?
Jun 5, 2018 10:48
|
|
|
Notorious b.s.d. posted:nope lol. no professional anywhere uses Linux no matter how many penguins you photoshop onto company logos
|
|
#
?
Jun 5, 2018 17:53
|
|
|
microsoft azure networking is not professional then https://azure.microsoft.com/en-ca/blog/sonic-the-networking-switch-software-that-powers-the-microsoft-global-cloud/
|
|
#
?
Jun 5, 2018 18:40
|
|
|
eschaton posted:enjoy having unencrypted bits and pieces of poo poo you’d prefer to be encrypted scattered around the ssd problem will eventually go away with microsoft denali, assuming it will get to consumers basically the ssd is just raw nand and software/off drive fpga handles all the wear leveling https://www.servethehome.com/microsoft-project-denali-game-changer-flash-storage-at-scale/
|
|
#
?
Jun 5, 2018 18:53
|
|
|
Perplx posted:microsoft azure networking is not professional then gotta go fast
|
|
#
?
Jun 5, 2018 18:56
|
|
|
also nobody uses Linux on a desktop. for network devices its probably fine
|
|
#
?
Jun 5, 2018 18:57
|
|
|
Shaggar posted:also nobody uses Linux on a desktop. for network devices its probably fine nerds do
|
|
#
?
Jun 5, 2018 18:58
|
|
|
Notorious b.s.d. posted:the normal operating system used by professionals is linux, and that is not a necessary condition of either known use cases nor posix apis Shaggar posted:lol. no professional anywhere uses Linux no matter how many penguins you photoshop onto company logos Perplx posted:microsoft azure networking is not professional then ah yes, that normal thing used by professionals and not something that most professionals don't know exists jammed into a rack in a dark warehouse most professionals are using lovely custom apps on windows when they're not using quickbooks, excel, and outlook also on windows
|
|
#
?
Jun 5, 2018 19:00
|
|
|
more like un-professionals
|
|
#
?
Jun 5, 2018 19:04
|
|
|
Notorious b.s.d. posted:nope you were making great strides in refreshing your gimmick by adding the shoe fetish and then you had to go and backslide into your boring old tropes
|
|
#
?
Jun 5, 2018 19:10
|
|
|
pseudorandom name posted:you were making great strides in refreshing your gimmick by adding the shoe fetish and then you had to go and backslide into your boring old tropes lmao
|
|
#
?
Jun 5, 2018 19:24
|
|
|
Tankakern posted:bullshit nope, unless you can bypass the controller and talk directly to the NAND, you can’t be sure that anything “erased” or “overwritten” really has been
|
|
#
?
Jun 5, 2018 22:15
|
|
|
Perplx posted:the ssd problem will eventually go away with microsoft denali, assuming it will get to consumers lol. wake me up when that’s even a thing in large cloud deployments, and then expect it to take forever to trickle down to smaller systems, if it ever does there’s a bunch of really difficult problems which those presentation slides are not even acknowledging the existence of. software dudes might wish it were true that you can turn flash chips into a fully fungible commodity, but there are lots of problems currently being solved by having the ftl be deeply aware of device-specific behaviors. the hand waving there doesn’t fill me with confidence that these guys have done anything beyond consuming some research budget to build a useless proof of concept that will fizzle if they attempt to make a real product out of it
|
|
#
?
Jun 5, 2018 22:34
|
|
|
eschaton posted:nope, unless you can bypass the controller and talk directly to the NAND, you can’t be sure that anything “erased” or “overwritten” really has been so? you don't decrypt poo poo on the disk itself, and even if you did this is comparable to "nothing really gets deleted on spinning harddrives, just pull out your electron microscope and have a peek"
|
|
#
?
Jun 6, 2018 07:29
|
|
|
With SSD's you use the built in encryption which encrypts every block. Then when you need to do secure erase all you do is delete the key. And you pray that the implementation doesn't suck.
|
|
#
?
Jun 6, 2018 08:05
|
|
|
it’s me. I’m the hardware Caesar cipher with a one byte key.
|
|
#
?
Jun 6, 2018 08:49
|
|
|
Tankakern posted:so? you don't decrypt poo poo on the disk itself, and even if you did this is comparable to "nothing really gets deleted on spinning harddrives, just pull out your electron microscope and have a peek" lol what it is many, many orders of magnitude easier to do this on a ssd. you have two paths, brute force (desolder the flash parts and put them into reader fixtures) or clever (load hacked firmware that lets you read raw instead of going through the FTL) there's going to be some details involved but nothing as exotic and unreliable as loving around with an electron microscope, hoping you can find something in the fringes of overwritten sectors. anything you thought was erased or overwritten that the FTL hasn't yet actually recycled yet is right there, ripe for the picking like how do you even make that comparison, mind blown
|
|
#
?
Jun 6, 2018 09:54
|
|
|
BobHoward posted:lol what it's not as easy as you make it sound, hence the comparison/hyperbole and it's still a moot point, because you don't store decrypted content on disk anyway
|
|
#
?
Jun 6, 2018 11:22
|
|
|
Is there a good YouTube series or finger family episode about reading comprehension
|
|
#
?
Jun 6, 2018 12:28
|
|
|
geonetix posted:it’s me. I’m the hardware Caesar cipher with a one byte key. all modern disks use aes iirc might as well since there's lots of ready to use silicon ip for it, and it's active whether you explicitly enable encryption or not because ciphertext has an even distribution of 1s and 0s, which is good for wear levelling.
|
|
#
?
Jun 6, 2018 13:55
|
|
|
https://lwn.net/Articles/756964/ nsa back on their bullshit lol
|
|
#
?
Jun 9, 2018 18:33
|
|
|
Sapozhnik posted:https://lwn.net/Articles/756964/ that's a dismantling 👍
|
|
#
?
Jun 9, 2018 21:28
|
|
|
|
| # ? Apr 26, 2024 00:42 |
|
|
that’s hilarious. Jesus Christ guys if you’re a spy agency shouldn’t you be good at convincing people to do stuff that’s not I. their best interests rather than just badly trying to bully them
|
|
#
?
Jun 10, 2018 04:23
|
|
