Re: Encrypting /home on OpenBSD Laptops

2009-11-13 Thread Eric Furman
On Fri, 13 Nov 2009 08:41 -0600, "Marco Peereboom" wrote: > http://xkcd.com/538/ > and the title text to that comic really says it all; "Actual actual reality: nobody cares about his secrets."

Re: Encrypting /home on OpenBSD Laptops

2009-11-13 Thread Ted Unangst
On Fri, Nov 13, 2009 at 9:39 AM, Brad Tilley wrote: > On Fri, Nov 13, 2009 at 9:09 AM, Otto Moerbeek wrote: >> What's the point of encrypting certificates? They only contain >> information that is public. > > They can be revoked and re-issued as well. Cert revocation would be a great idea if it

Re: Encrypting /home on OpenBSD Laptops

2009-11-13 Thread Diana Eichert
On Fri, 13 Nov 2009, Marco Peereboom wrote: http://xkcd.com/538/ but Marco, you can't use drugs and cheap tools if you want the target to be oblivious to getting compromised. instead you use a US$1k toilet seat to whack them around. :-)

Re: Encrypting /home on OpenBSD Laptops

2009-11-13 Thread Jacob Yocom-Piatt
Brad Tilley wrote: On Fri, Nov 13, 2009 at 9:09 AM, Otto Moerbeek wrote: What's the point of encrypting certificates? They only contain information that is public. They can be revoked and re-issued as well. can you and elias please stop this thread? it is clear that you both k

Re: Encrypting /home on OpenBSD Laptops

2009-11-13 Thread elias r.
On 11/13/2009 03:07 PM, Brad Tilley wrote: On Fri, Nov 13, 2009 at 8:50 AM, elias r. wrote: Especially because OpenBSD isn't about 90% solutions i still don't understand why nobody seems to be interested in finding a solution for encrypting entire / If you are only concerned about data in

Re: Encrypting /home on OpenBSD Laptops

2009-11-13 Thread Marco Peereboom
http://xkcd.com/538/

Re: Encrypting /home on OpenBSD Laptops

2009-11-13 Thread Brad Tilley
On Fri, Nov 13, 2009 at 9:09 AM, Otto Moerbeek wrote: > What's the point of encrypting certificates? They only contain > information that is public. They can be revoked and re-issued as well.

Re: Encrypting /home on OpenBSD Laptops

2009-11-13 Thread elias r.
On 11/13/2009 03:09 PM, Otto Moerbeek wrote: On Fri, Nov 13, 2009 at 02:50:40PM +0100, elias r. wrote: On 11/01/2009 09:36 AM, Joachim Schipper wrote: On Sat, Oct 31, 2009 at 09:52:06AM -0400, Brad Tilley wrote: On Sat, Oct 31, 2009 at 9:30 AM, Joachim Schipper wrote: [My (Joachim's)

Re: Encrypting /home on OpenBSD Laptops

2009-11-13 Thread elias r.
On 11/13/2009 03:12 PM, Robert wrote: On Fri, 13 Nov 2009 14:50:40 +0100 "elias r." wrote: Especially because OpenBSD isn't about 90% solutions i still don't understand why nobody seems to be interested in finding a solution for encrypting entire / (except sth like the /boot partition like i

Re: Encrypting /home on OpenBSD Laptops

2009-11-13 Thread Otto Moerbeek
On Fri, Nov 13, 2009 at 02:50:40PM +0100, elias r. wrote: > On 11/01/2009 09:36 AM, Joachim Schipper wrote: > >On Sat, Oct 31, 2009 at 09:52:06AM -0400, Brad Tilley wrote: > >>On Sat, Oct 31, 2009 at 9:30 AM, Joachim Schipper > >> wrote: > >[My (Joachim's) message, snipped by Brat: > >Encryptin

Re: Encrypting /home on OpenBSD Laptops

2009-11-13 Thread Brad Tilley
On Fri, Nov 13, 2009 at 8:50 AM, elias r. wrote: > Especially because OpenBSD isn't about 90% solutions i still don't > understand why nobody seems to be interested in finding a solution for > encrypting entire / If you are only concerned about data in /home and protecting against theft, then th

Re: Encrypting /home on OpenBSD Laptops

2009-11-13 Thread Robert
On Fri, 13 Nov 2009 14:50:40 +0100 "elias r." wrote: > Especially because OpenBSD isn't about 90% solutions i still don't > understand why nobody seems to be interested in finding a solution for > encrypting entire / (except sth like the /boot partition like it is in > (yeah, i know...) linux + l

Re: Encrypting /home on OpenBSD Laptops

2009-11-13 Thread elias r.
On 11/01/2009 09:36 AM, Joachim Schipper wrote: On Sat, Oct 31, 2009 at 09:52:06AM -0400, Brad Tilley wrote: On Sat, Oct 31, 2009 at 9:30 AM, Joachim Schipper wrote: [My (Joachim's) message, snipped by Brat: Encrypting just /home is dangerous. Do you know where vi(1) keeps its backup files?

Re: Encrypting /home on OpenBSD Laptops

2009-11-07 Thread Alvaro Mantilla Gimenez
On Sun, 2009-11-08 at 00:41 +, Matthew Szudzik wrote: > On Sat, Nov 07, 2009 at 05:39:47PM -0600, Alvaro Mantilla Gimenez wrote: > > (check email, surf the net, etc...) but it is a pain in the ass the boot > > process going to the shell every time and need to type: bioctl -c C > > -l /dev/wd0d

Re: Encrypting /home on OpenBSD Laptops

2009-11-07 Thread Brad Tilley
On Sat, Nov 7, 2009 at 12:07 PM, Brad Tilley wrote: > How do you bring this up at boot time and shutdown in an orderly fashion? I found mount_vnd that should do it.

Re: Encrypting /home on OpenBSD Laptops

2009-11-07 Thread Matthew Szudzik
On Sat, Nov 07, 2009 at 05:39:47PM -0600, Alvaro Mantilla Gimenez wrote: > (check email, surf the net, etc...) but it is a pain in the ass the boot > process going to the shell every time and need to type: bioctl -c C > -l /dev/wd0d http://marc.info/?l=openbsd-misc&m=124187397614485

Re: Encrypting /home on OpenBSD Laptops

2009-11-07 Thread Alvaro Mantilla Gimenez
On Sat, 2009-10-31 at 09:00 -0500, Jacob Yocom-Piatt wrote: > - when you reboot, the boot process will 'fail' and dump you to shell > since sd1 is not unlocked as part of the boot process > - at a shell do the following to get your disk rollin: bioctl -c C -l > /dev/sd0b softraid0, enter passphr

Re: Encrypting /home on OpenBSD Laptops

2009-11-07 Thread Brad Tilley
Thanks to everyone for the feedback. The biggest criticism of this approach has been that /var is not encrypted. My practice of only encrypting /home and using rc.local to set up /home at boot would not seem to work for /var as /var is needed long before rc.local is executed. Is anyone using vnconfi

Re: Encrypting /home on OpenBSD Laptops

2009-11-01 Thread Brad Tilley
On Sun, Nov 1, 2009 at 3:36 AM, Joachim Schipper wrote: > I can't tell whether you miss the point or are arguing that a 90% > solution is good enough. I understand that when I do this *only* /home is encrypted. The title says it all, right? > In the first case: try it. Run vi(1) on some file. O

Re: Encrypting /home on OpenBSD Laptops

2009-11-01 Thread Joachim Schipper
On Sun, Nov 01, 2009 at 09:36:40AM +0100, Joachim Schipper wrote: > On Sat, Oct 31, 2009 at 09:52:06AM -0400, Brad Tilley wrote: > > On Sat, Oct 31, 2009 at 9:30 AM, Joachim Schipper > > wrote: > [My (Joachim's) message, snipped by Brat: Sorry, this was

Re: Encrypting /home on OpenBSD Laptops

2009-11-01 Thread Joachim Schipper
On Sat, Oct 31, 2009 at 09:52:06AM -0400, Brad Tilley wrote: > On Sat, Oct 31, 2009 at 9:30 AM, Joachim Schipper > wrote: [My (Joachim's) message, snipped by Brat: Encrypting just /home is dangerous. Do you know where vi(1) keeps its backup files? Are you *sure* that's the only application that wo

Re: Encrypting /home on OpenBSD Laptops

2009-10-31 Thread Ted Unangst
On Sat, Oct 31, 2009 at 10:00 AM, Jacob Yocom-Piatt wrote: > disk name is sd0) fdisk -iy sd0, disklabel -E sd0, make a smallish 100-150 > MB 4.4BSD partition for root and the rest of the disk set as a single > partition of type RAID e.g. /dev/sd0a is root and /dev/sd0b is softraid, > write disklab

Re: Encrypting /home on OpenBSD Laptops

2009-10-31 Thread Markus Bergkvist
* To Unmount, do this: - # unmount /home + # umount /home # vnconfig -v -u svnd0 /Markus Brad Tilley wrote: I wrote some notes on how I normally encrypt /home on OpenBSD laptops. I was hoping misc could read it and bash it around some. I'd like to know if I'm doing something wrong

Re: Encrypting /home on OpenBSD Laptops

2009-10-31 Thread Robert
If you have enough memory you can avoid the /tmp problem by moving it into RAM: fstab: swap /tmp mfs rw,async,nodev,nosuid,-s=200 0 0 This will also speed up some things that write to /tmp. But keep in mind that in case of a crash the content is lost (if this is relevant for you). regar

Re: Encrypting /home on OpenBSD Laptops

2009-10-31 Thread Jacob Yocom-Piatt
Brad Tilley wrote: I wrote some notes on how I normally encrypt /home on OpenBSD laptops. I was hoping misc could read it and bash it around some. I'd like to know if I'm doing something wrong. No jokes about Beck's ass please :) http://16systems.com/openbsd_laptop_encryption.txt Thanks, Brad

Re: Encrypting /home on OpenBSD Laptops

2009-10-31 Thread Brad Tilley
On Sat, Oct 31, 2009 at 9:30 AM, Joachim Schipper wrote: > You should also be careful to note that /root is not encrypted under this > scheme. The title says it all. Like most normal people, I keep data in /home. I don't care about meta data that might be in /tmp and I do not wish to encrypt /.

Re: Encrypting /home on OpenBSD Laptops

2009-10-31 Thread Joachim Schipper
On Fri, Oct 30, 2009 at 07:57:08PM -0400, Brad Tilley wrote: > I wrote some notes on how I normally encrypt /home on OpenBSD laptops. > I was hoping misc could read it and bash it around some. I'd like to > know if I'm doing something wrong. No jokes about Beck's ass please :) > > http://16systems

Re: Encrypting /home on OpenBSD Laptops

2009-10-31 Thread Gonzalo Lionel Rodriguez
Maybe it's more useful to encrypt a file IN the /home partition and move the 'shit' there, then you create symlinks (ln -s) to the encrypted file and done. 2009/10/30 Brad Tilley : > I wrote some notes on how I normally encrypt /home on OpenBSD laptops. > I was hoping misc could read it and bash i

Re: Encrypting /home on OpenBSD Laptops

2009-10-30 Thread Ted Unangst
1. You don't really need to fdisk. 2. People should be advised to use softraid crypto now. 3. You don't specify a NUMBER or explain its importance. The last part is probably the part most people don't understand, so I'll explain that more fully here. bioctl says the default for a similar keyin

Encrypting /home on OpenBSD Laptops

2009-10-30 Thread Brad Tilley
I wrote some notes on how I normally encrypt /home on OpenBSD laptops. I was hoping misc could read it and bash it around some. I'd like to know if I'm doing something wrong. No jokes about Beck's ass please :) http://16systems.com/openbsd_laptop_encryption.txt Thanks, Brad