Serial Port Network
I have 2 older desktop computers (old Pentium 1 processors), and I would like to create a simple network to allow them to ssh each other and share data. Problem is that one of them doesn't have USB, but only a serail port. I did a search of the archives, as well as a google search for serial port networking, and tty networking, but found nothing relevant. I understand that serial ports are very slow, but I see no other option. I have one monitor, and two computers (towers). I would like to install OpenBSD on both of them (temporarily switching the monitors for each install), and have one of them use the monitor, and control the other via the Serial Port. In short, what I would like to do is: Set up the computers so that one of them has access to the monitor, and full access to the other system, so I can use each computer's hard drive, run commands on the headless system, and set up simple file sharing between the two. I know how to set up the file sharing, and have used SSH in the past, but my problem involves getting a Serial Port connection to perform the required data sharing. Any suggestions? - Food fight? Enjoy some healthy debate in the Yahoo! Answers Food Drink QA.
Re: SVND -k and -K ERRATUM
I did notice something along those lines. I have some special characters in my encryption keys. They work fine when entered in the main OpenBSD shell, and work fine when run out of an XTerm. They don't work if I try to use them from a KDE Konsole. Woodchuck [EMAIL PROTECTED] wrote: A problem here is that evidently getpass() is reading the terminal in cooked mode. Unfortunately, the characters that are consumed in cooking can vary depending on user settings (man stty). This can lead to surprises if you get too loose about what control (and high ascii, maybe) characters you use in input to getpass(). An svnd device you mount one day from an xterm might be mysteriously unreadable when you mount it from a text console during a single-user session. The source for getpass() is in /usr/src/lib/libc/gen/readpassphrase.c You might wish to analyze that routine with respect to what state of cooking it places /dev/tty or STDIN into. You're one step away from hexadecimal armor or whatever the PGP folks call it. ;) Considerations like the preceding paragraph as well as internationalization issues are why PGP keeps its various things as ascii-hex characters. They also simplify storage on paper in the bank deposit box. Dave -- I believe that banking institutions are more dangerous to our liberties than standing armies. -- T. Jefferson - Bored stiff? Loosen up... Download and play hundreds of games for free on Yahoo! Games.
Re: SVND -k and -K ERRATUM
I looked at the source code. In /src/sys/dev/vnd.c, it has the lines: blf_ecb_encrypt(vnd-sc_keyctx, iv, sizeof(iv)); if (encrypt) blf_cbc_encrypt(vnd-sc_keyctx, iv, addr, bsize); This looks like it encrypts the key using the iv of all zeroes. True, it doesn't add any salt using -k, but it doesn't look like the user's key is the key that is actually used. I am curious what happens if the user enters a key longer than 448 bits. If the user enters a 456 bit key, would the extra 8 bits just be dropped from the key? I was playing around on my system, and it seems that you can enter around 248 or so of the 256 possible characters. Exceptions include CTRl+C,CTRL+D, and a few others. Expecting? Get great news right away with email Auto-Check. Try the Yahoo! Mail Beta. http://advision.webevents.yahoo.com/mailbeta/newmail_tools.html
SVND -k and -K
On the newer versions of OpenBSD, there is -K added as an option for SVND. I always used the -k option with a strong key and no salt file. Is the original -k method still secure, given a strong key? Food fight? Enjoy some healthy debate in the Yahoo! Answers Food Drink QA. http://answers.yahoo.com/dir/?link=listsid=396545367
Re: SVND -k and -K
I don't see how adding salt to the key can provide more security if the user has chosen a long key with sufficient entropy. For example, if the user used the original -k option and had a truly random 448 bit key, adding the salt would have no advantage, if the salt only affected the key. It could even be a disadvantage, as the 448 bit random key the user chose would be reduced to a 128 bit key with the salt added in. Woodchuck [EMAIL PROTECTED] wrote: On Sat, 27 Jan 2007, Don Smith wrote: On the newer versions of OpenBSD, there is -K added as an option for SVND. I always used the -k option with a strong key and no salt file. Is the original -k method still secure, given a strong key? No. But that's hearsay. Here's what I heard someone say: The biggest drawback of svnd is its lack of security in the general use case. It is vulnerable to an offline dictionary attack. That is, you can generate a database mapping known ciphertext blocks on the disk back into pass phrases that can be accessed in O(1) without even being in possession of the disk. What's even worse is that the same database will work on any svnd disk. It is possible--and perhaps even likely--that large agencies such as the NSA have constructed such a database and can crack a majority of the svnds in the world in less than a second. The way that one prevents an offline dictionary attack is to use a salt in conjunction with the pass phrase, Source: http://www.onlamp.com/pub/a/bsd/2005/12/21/netbsd_cgd.html?page=3 Disclaimer: I am not a cryptanalyst. Maybe that's all FUD and blown smoke. Advice: Use the salt. How can it hurt? It depends on your threat model. If it's a laptop and you don't want some random thief or whoever he sells your stolen property to to read your disk, -k will suffice. If you're worried about a large government, there are still other considerations (rubber hoses for one), but the salt won't hurt. If I recall the source code correctly, using -k, you are already using salt -- of zero. The salt is used when generating the key from the passphrase, and won't slow down the actual disk en/decryption, so salt is a win. Dave -- The law has converted plunder into a right and lawful defense into a crime. -- Frederic Bastiat, 1850 - Get your own web address. Have a HUGE year through Yahoo! Small Business.
SVND Encryption
If I use a 50 character key for my SVND encrypted filesystems, do all bits get used in the Blowfish key, or is the key length limited to anything below 448 bits? If I typed in a 56 character (448 bit) key at the prompt, would the whole thing be used? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com