Re: Experimenting with softraid encryption
I wrote some notes about installing and experimenting with softraid encryption on laptops. I was wondering if misc would have a read and perhaps make suggestions or corrections to my approach? I appreciate any feedback. http://16systems.com/openbsd_softraid_encryption.txt quote 6. Upon each subsequent boot enter this: # bioctl -c C -l /dev/wd0d softraid0 exit /quote I'm also specifying the -r 32768 along with these. I suppose it is useless then, isn't it? Daniel -- LIVAI Daniel PGP key ID = 0x4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1
Re: Experimenting with softraid encryption
On Tue, Dec 1, 2009 at 7:35 AM, LEVAI Daniel l...@ecentrum.hu wrote: I wrote some notes about installing and experimenting with softraid encryption on laptops. I was wondering if misc would have a read and perhaps make suggestions or corrections to my approach? I appreciate any feedback. http://16systems.com/openbsd_softraid_encryption.txt quote 6. Upon each subsequent boot enter this: B B B B # bioctl -c C -l /dev/wd0d softraid0 exit /quote I'm also specifying the -r 32768 along with these. I suppose it is useless then, isn't it? I'm not sure. The man page is unclear. It seems to work either way. Can rounds be changed after initially creating the volume? Brad
Re: Experimenting with softraid encryption
no On Tue, Dec 01, 2009 at 08:56:08AM -0500, Brad Tilley wrote: On Tue, Dec 1, 2009 at 7:35 AM, LEVAI Daniel l...@ecentrum.hu wrote: I wrote some notes about installing and experimenting with softraid encryption on laptops. I was wondering if misc would have a read and perhaps make suggestions or corrections to my approach? I appreciate any feedback. http://16systems.com/openbsd_softraid_encryption.txt quote 6. Upon each subsequent boot enter this: B B B B # bioctl -c C -l /dev/wd0d softraid0 exit /quote I'm also specifying the -r 32768 along with these. I suppose it is useless then, isn't it? I'm not sure. The man page is unclear. It seems to work either way. Can rounds be changed after initially creating the volume? Brad
Re: Experimenting with softraid encryption
quote 6. Upon each subsequent boot enter this: # bioctl -c C -l /dev/wd0d softraid0 exit /quote I'm also specifying the -r 32768 along with these. I suppose it is useless then, isn't it? I'm not sure. The man page is unclear. It seems to work either way. Can rounds be changed after initially creating the volume? Marco said no So explicitly specifying the rounds at each boot seems unnecessary. Brad
Re: Experimenting with softraid encryption
On Tuesday 01 December 2009 19.38.13 you wrote: quote 6. Upon each subsequent boot enter this: # bioctl -c C -l /dev/wd0d softraid0 exit /quote I'm also specifying the -r 32768 along with these. I suppose it is useless then, isn't it? I'm not sure. The man page is unclear. It seems to work either way. Can rounds be changed after initially creating the volume? Marco said no So explicitly specifying the rounds at each boot seems unnecessary. What is confusing me, is that one creates and activates a crypt device with basically the same command. How could I know if I'm creating a new crypted device, or opening an existing one? Daniel -- LC VAI DC!niel PGP key ID = 0x4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1
Re: Experimenting with softraid encryption
It is the same operation isn't it? You end up with a crypto disk (or not if something goes wrong); why would you have 2 different commands for the same action? On Tue, Dec 01, 2009 at 08:52:54PM +0100, LEVAI Daniel wrote: On Tuesday 01 December 2009 19.38.13 you wrote: quote 6. Upon each subsequent boot enter this: # bioctl -c C -l /dev/wd0d softraid0 exit /quote I'm also specifying the -r 32768 along with these. I suppose it is useless then, isn't it? I'm not sure. The man page is unclear. It seems to work either way. Can rounds be changed after initially creating the volume? Marco said no So explicitly specifying the rounds at each boot seems unnecessary. What is confusing me, is that one creates and activates a crypt device with basically the same command. How could I know if I'm creating a new crypted device, or opening an existing one? Daniel -- L??VAI D??niel PGP key ID = 0x4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1
Re: Experimenting with softraid encryption
On Tue, Dec 1, 2009 at 2:52 PM, LEVAI Daniel l...@ecentrum.hu wrote: What is confusing me, is that one creates and activates a crypt device with basically the same command. How could I know if I'm creating a new crypted device, or opening an existing one? You'll enter a pass-phrase twice at creation time, only once afterward. Brad
Re: Experimenting with softraid encryption
On Dec 1, 2009, at 1:52 PM, LEVAI Daniel wrote: On Tuesday 01 December 2009 19.38.13 you wrote: quote 6. Upon each subsequent boot enter this: # bioctl -c C -l /dev/wd0d softraid0 exit /quote I'm also specifying the -r 32768 along with these. I suppose it is useless then, isn't it? I'm not sure. The man page is unclear. It seems to work either way. Can rounds be changed after initially creating the volume? Marco said no So explicitly specifying the rounds at each boot seems unnecessary. What is confusing me, is that one creates and activates a crypt device with basically the same command. How could I know if I'm creating a new crypted device, or opening an existing one? Daniel -- LCVAI DC!niel PGP key ID = 0x4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1 If you're creating a new device, you'll be prompted twice for the password. Obviously if you thought you were opening an existing device and get the 2nd prompt that would be a good time to ctrl-c or type the wrong password the 2nd time to cause bioctl to fail the process.
Re: Experimenting with softraid encryption
On Tuesday 01 December 2009 21.07.04 you wrote: What is confusing me, is that one creates and activates a crypt device with basically the same command. How could I know if I'm creating a new crypted device, or opening an existing one? It is the same operation isn't it? You end up with a crypto disk (or not if something goes wrong); why would you have 2 different commands for the same action? # bioctl -c C -l /dev/wd0d softraid0 So basically, at first bioctl somehow (how?) knows that there isn't any crypto stuff on wd0d, and after that it will know that it must not disturb (recreate) the crypto disk - because it has been created before -, but only open it. Is this correct? If it is, then how can one recreate a crypto disk (eg. for changing the password)? Daniel -- LIVAI Daniel PGP key ID = 0x4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1
Re: Experimenting with softraid encryption
I think the time has come for you to read the docs. On Tue, Dec 01, 2009 at 09:22:58PM +0100, LEVAI Daniel wrote: On Tuesday 01 December 2009 21.07.04 you wrote: What is confusing me, is that one creates and activates a crypt device with basically the same command. How could I know if I'm creating a new crypted device, or opening an existing one? It is the same operation isn't it? You end up with a crypto disk (or not if something goes wrong); why would you have 2 different commands for the same action? # bioctl -c C -l /dev/wd0d softraid0 So basically, at first bioctl somehow (how?) knows that there isn't any crypto stuff on wd0d, and after that it will know that it must not disturb (recreate) the crypto disk - because it has been created before -, but only open it. Is this correct? If it is, then how can one recreate a crypto disk (eg. for changing the password)? Daniel -- LIVAI Daniel PGP key ID = 0x4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1
Re: Experimenting with softraid encryption
On Tuesday 01 December 2009 21.45.31 you wrote: -, but only open it. Is this correct? If it is, then how can one recreate a crypto disk (eg. for changing the password)? [...] I think the time has come for you to read the docs. Sorry, I didn't notice that -current has the password change feature (-P option); my 4.5 and 4.6 box hasn't got it... Daniel -- LIVAI Daniel PGP key ID = 0x4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1
Re: Experimenting with softraid encryption
On Tue, Dec 1, 2009 at 3:21 PM, Aaron Poffenberger a...@hypernote.com wrote: If you're creating a new device, you'll be prompted twice for the password. I've found that's one notable difference between softraid and vnconfig crypto volumes. vnconfig never prompts more than once for the password, even at initial setup. Brad
Experimenting with softraid encryption
I wrote some notes about installing and experimenting with softraid encryption on laptops. I was wondering if misc would have a read and perhaps make suggestions or corrections to my approach? I appreciate any feedback. http://16systems.com/openbsd_softraid_encryption.txt Brad