On Wednesday, July 6, 2016 12:37:31 UTC-3, Andrew David Wong wrote:
> On 2016-07-05 12:35, juris...@gmail.com wrote:
> > On Tuesday, July 5, 2016 06:54:14 UTC-3, Andrew David
> > Wong wrote: On 2016-07-04 22:46, juris...@gmail.com wrote:
> >>>> 1) qubes is a system for security and isolation. But when you
> >>>>  install, you have no encryption options.
> > 
> > Qubes uses full disk encryption by default:
> > 
> > https://www.qubes-os.org/doc/user-faq/#does-qubes-use-full-disk-encryption-fde
> > 
> >>>> distros think that if a user wants some strong crypto thing,
> >>>>  they must research themselves and do all manually. We don't 
> >>>> even find anything about qubes encryption in docs. That is 
> >>>> wrong.
> > 
> > I added this page to our docs a week ago:
> > 
> > https://www.qubes-os.org/doc/encryption-config/
> > 
> >>>> [...]
> >>>> 
> >>>> 5) I will use this post to state that tor behaves differently
> >>>>  to connect in windows tor browser, or linux tor browser, 
> >>>> compared to whonix, and I don't know why. Whonix always gets the
> >>>> same speed, 250 to 500 Kbps, (not KBps) with speed of 30 to
> >>>> 60 kB/s of downloads, and in tor browser outside whonix, I
> >>>> get 500 to 1 Mb kB/s downloads. That's really strange and
> >>>> wasn't expected. I have had this behavior for almost 2 years, and
> >>>> I don't have the expertise to know why. After some googling, I
> >>>> saw I am not the only one getting different special routes in
> >>>> tor using whonix.
> >>>> 
> > 
> > This sounds like something that should be reported to the Tor
> > project or Whonix.
> > 
> > 
> > Thanks, Andrew. But still... I did not find which encryption is used
> >  by default in qubes documentation.
> 
> Well, Qubes just uses cryptsetup/LUKS/dm-crypt from upstream, so you
> should really be looking for that in the cryptsetup documentation (FAQ):
> 
> https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions
> 
> > And people still have to do it manually. Plus, when I went to the 
> > advanced partitioning, there were lots of bugs. We need to be able
> > to choose serpent, aes, cascade, iterations, etc.
> > 
> 
> Patches welcome!
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org

I mean, what is the default encryption? What are the default iterations? How 
many bits?
Plus, like I said, I am a USER. I am a LAWYER, not a programmer. The system 
should not be directed for people to, without ANYTHING in installer telling me 
things like I read in the link you pointed me to like "aes-xts-plain should not be 
used for encrypted container sizes larger than 2TiB. Use aes-xts-plain64 for 
that" should be an automatic warning in a pop-up when the person choosing 
encryption inside the installer is choosing it! 

Still the suggestion remains and with solid reasons:

1) a normal user DOES NOT KNOW what WAS USED as encryption inside the installer. 
When I say that, I say AES? SERPENT? 128 bits? 256? Whirlpool? Not if it used 
LUKS, but even that is something that should be pointed out, not just a "choose your 
password"

2) Outside the installer, it is sad that it is not in the qubes faq or on the website.

3) And options to choose encryption are still a need. So the user can choose 
speed/security. For example, I don't trust AES intel thing, so I like to use 
serpent. Plus, when I typed wrong FDE password, I could try again VERY QUICKLY, 
so I doubt a good secure iteration number was used.

Imagine I keep telling my windows friends who know nothing about programming 
to install QUBES and then when they ask about the encryption I paste a link 
like that and say STUDY SOME HOURS AND SOLVE THE PROBLEMS EVERY ONE OF YOU. 
HOURS FOR EACH STEP SO YOU DONT MAKE DUMB THINGS. That's kinda nonsense.

I mean, a security distro for desktop user, should have like a warning button 
pop up, "IF YOU USE SSD YOU CAN HAVE THE ISSUES X OR Y WITH ENCRYPTION", or 
other warnings everyone should know, in the programmer choice. For example, 
after I read the link you pasted, I thought it was VERY IMPORTANT to know that:
"CLONING/IMAGING: If you clone or image a LUKS container, you make a copy of 
the LUKS header and the master key will stay the same! That means that if you 
distribute an image to several machines, the same master key will be used on 
all of them, regardless of whether you change the passphrases. Do NOT do this! 
If you do, a root-user on any of the machines with a mapped (decrypted) 
container or a passphrase on that machine can decrypt all other copies, 
breaking security. See also Item 6.15." ... So... wth?? If you change the 
password, anyone with any password can read my encryption WITHOUT MY PASSWORD?
So, what's the point in changing password of a container in case it was compromised?

I mean, giving warnings and orientations would be a very time consuming thing, 
I know, I was just mentioning the ideal scenario from a security distro 
installer, but giving the encryption choices would not be so hard. For example, 
I don't know about license problems, but could not someone just copy that script 
part from another distro? I remember I had these options when I installed debian 
years ago. Must still be there.
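
Added example (not part of the original message, and not Qubes or cryptsetup code): the cipher, key size, hash and per-slot PBKDF2 iteration count asked about above are all stored in the LUKS header, and the cloning caveat quoted from the FAQ can be checked there too, because a passphrase change rewrites only a key slot while the master-key digest and salt stay the same. The sketch assumes the LUKS1 on-disk layout; the function names and every value in `sample_header` are constructed for illustration.

```python
import struct

# LUKS1 on-disk header layout (big-endian). Assumption: a LUKS1 volume, not LUKS2.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # 208-byte fixed part
SLOT = struct.Struct(">II32sII")                   # 8 key slots of 48 bytes follow
MAGIC, ENABLED, DISABLED = b"LUKS\xba\xbe", 0x00AC71F3, 0x0000DEAD

def parse_luks1(header: bytes) -> dict:
    """Report cipher, key size, hash and PBKDF2 iterations of each active slot."""
    if len(header) < PHDR.size + 8 * SLOT.size:
        raise ValueError("truncated LUKS1 header")
    (magic, version, cipher, mode, hash_spec, _payload_off, key_bytes,
     mk_digest, mk_salt, mk_iter, _uuid) = PHDR.unpack_from(header)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    def text(raw: bytes) -> str:
        return raw.split(b"\0", 1)[0].decode("ascii")
    slots = {}
    for i in range(8):
        state, iters, _salt, _off, _stripes = SLOT.unpack_from(
            header, PHDR.size + i * SLOT.size)
        if state == ENABLED:
            slots[i] = iters
    return {"cipher": f"{text(cipher)}-{text(mode)}", "key_bits": key_bytes * 8,
            "hash": text(hash_spec), "slot_iterations": slots,
            "mk_check": (mk_digest, mk_salt, mk_iter)}

def same_master_key(a: dict, b: dict) -> bool:
    """Clones keep the master-key digest and salt even after a passphrase change."""
    return a["mk_check"] == b["mk_check"]

def sample_header(slot_iters: int, slot_salt: bytes) -> bytes:
    """Constructed header for illustration; no value comes from a real disk."""
    fixed = PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                      b"\x11" * 20, b"\x22" * 32, 100000, b"constructed-uuid")
    slot0 = SLOT.pack(ENABLED, slot_iters, slot_salt, 8, 4000)
    return fixed + slot0 + SLOT.pack(DISABLED, 0, bytes(32), 0, 4000) * 7

if __name__ == "__main__":
    original = parse_luks1(sample_header(250000, b"\x33" * 32))
    # Same image after the passphrase was changed on the copy: only slot 0 differs.
    clone = parse_luks1(sample_header(310000, b"\x44" * 32))
    print(original["cipher"], original["key_bits"], original["hash"],
          original["slot_iterations"])
    print("same master key:", same_master_key(original, clone))
```

On an installed system the same fields are printed by `cryptsetup luksDump <device>`; the parser above only makes explicit where they sit in the first 592 bytes of a LUKS1 volume.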
