Re: [qubes-users] Re: Q wipe files
Hello, on the application layer I can find some better encryption, which is polymorphic. This will prevent that someone find the leverage point to kick the crypto out. https://www.youtube.com/watch?v=aApTVqeGJMw But sadly this PMC is running only under windows. https://www.youtube.com/watch?v=aApTVqeGJMw Ok I can do it on a WinVM under Qubes. But Windows is not a real time system and so nobody knows what is really going on. The only task is to encrypt the original file and delete/wipe the original file. So a real-time OS would be much better, than a multitasking system. If the wipe/shred perhaps or perhaps not will work, there is only one solution to make sure that the disk is clean: https://www.theguardian.com/uk-news/2014/jan/31/footage-released-guardian-editors-snowden-hard-drives-gchq But never mind, Q OS uses a full disk encryption, which is quite smart. This means every original file and any temps or other randomized shadow-files are as well encrypted by default. So I don't need to destroy my PC after I send one email, because I can remove the WinVM. But now I came to the old question, is the LUKS disk encryption perhaps or perhaps not it will be safe? I think the only clean support will be the possibility to plug in the own parallel encryption. Is there some tutorial, how I can use a API to plug in my own encryption as a per-process f before LUKS begins his crypt-process? This will be a multi-layer security system in the end. Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/918f266f-92ad-4368-84b7-9ff570ca883c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Q wipe files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 07/04/2016 03:17 PM, Andrew David Wong wrote: > By default, the default LUKS parameters are used. So, this question > (and the answer) should be the same for many (most?) OSes that use > LUKS/dm-crypt for full disk encryption. > Okey, Are you really want amount on psychical security that common OS provides or you want high level of security? I will describe my through about "layer 2" of encryption on other thread. But we really need them! And it must use other peace of software to do that! >> How much operations need to brute "one" password? > > The answer will depend *heavily* on the length and entropy of the > passphrase. > I understand that. But lets count the time for 8 or 10 characters password. I will try to do that later if somebody will not share this info with us. ps. sorry I send you direct email. It's my mistake while I only start using maillist via email. -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXemFFAAoJEGSin3PC/C0AKX8P/22DFmmwn+95Zi1JYl5ZvAGn 15DKiZTjuK5o2nyj8WREwZIUmQEtjmMnEvzlojKldO/Cb9O3RUtLISXgw3A+wQ1w gWgyDy0LFx1TBCmk/RN1Jg3r3X/GmHy1gHLBrgmzMPeIe9tDj4Scbj+l7qishk5g sb6KzL4d/Y2x0z5s7/JtenTKrg3gabwFI8J3MA1FGiofOdtlnUwZ1KnYquqxbcJ/ d71rJ+Mu57uvGAvQOVsYqvnZjUZIaSBZl1XLFBa8mTBLqzhW7qDrUeXw5kaNo0JS iyLZs/KXXEgSnYgonwvDK2DTl3P2wbFq8i+CSOgRAPFq1AqdSIiEYAMvOY3PUjrR MsM41hzya+9F2OGI/d8qYgI++xKVY4qB/JdUVUbjgoHnVv4L4xwLJqE/wtuAp1l0 nyNyDN66U6sUfzF7BE7wy0NKDQ9bn0EhM7+2iV5Bp0FgeXovQsbwXEc765NJuqKR vQETaispNEv7SokshfFrgepriQ4mBxD9DxjLjw+laVCtYUIyIVzlVixwFSdcVHUE PC6MjzpDhFcODeZX+fDYN2Vu4U6hYhjJnjGuBk2/0qqmvS9LFSevXqH/rPhzJIpU opVG6apdvozcbVPETYx8z35glsNbecfLxXxFVNdNW1PuAsxdk93wCgZLrvrGP6jd D5LJrykqeNwhBSKNQN+l =x57P -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d97cc4d0-0cd4-990a-3b7c-7310ef3dbe8c%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Q wipe files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-04 02:37, Eva Star wrote: > I want also disscuss the related topic about "how strong the > encryption of Qubes os by default" when in the world available many > supercomputers and bot networks with over 93 petaflops (93 > quadrillion floating-point operations per second) > By default, the default LUKS parameters are used. So, this question (and the answer) should be the same for many (most?) OSes that use LUKS/dm-crypt for full disk encryption. > How much operations need to brute "one" password? The answer will depend *heavily* on the length and entropy of the passphrase. > Can we count the time to brute some regular container on regular > pc that encrypted with default crypt setup settings on some > supercomputer that is already official available? Here are some links for you: http://security.stackexchange.com/a/25392 http://security.stackexchange.com/q/79319 http://security.stackexchange.com/q/61346 http://security.stackexchange.com/q/82389 http://www.eetimes.com/document.asp?doc_id=1279619 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXelPVAAoJENtN07w5UDAwvJQP/jEKpvg8nvxrfe0RG7bLHc0h hcbwZLcMBvYRSPRYJQENlHBNyhAfA8vyxQnb5vDH4+MmwdJNfCyAgU3R44QHyqAs eloAIQJJa+r09xlLvIEwE/eHxe/zqjr76joYF1SayJH1nGKOpCCY9gxb34hhdrf3 MGmAZIsIk8VTyzr6nxEn/YRTnWmynqEOFxJNpdHi1plsFVOP8oIUWN2s0i6lfeqn 1iK87M1JOeMHoNYjHJAhu+/AjDXYueknRdp8U5bni+radKnj2unT/If9qYGG7ult n7z/MPtVbsvzd0B5WRAZcaP0T/tYVLtS4JYZvV8u8WRFPFvmaJsVr8aa3KjVOHG2 K6+AC67RZ4fQFi4ne9dzN61dvCjOznVHod8kdVFbEGwowGaGu1u1YLkYnQAQhYWF Qg9tjFvVdVYQ+9fD9PvkIXHj0JoXkrKKQSgJ41tpkzAoCt0vdhAXTkzRnPg9quMG I5TI9JeNM4zeiBEMcnnWna8M/42AFNOhXCV2u+gIYe7WX/SpJfvxPcbLo5vLJlAs d9dyyndVU6gqegm75nx4rnM2KL082ahHGPKETZDlrRIMoUCPJ7Yxnbc2bOscojXz gGsfSUPTg/z3TvwlhyEsnES08MF6XAdgXBGwwxhXoZhd2GLPaNydW2IZo6KTwHMC KerY+ZC3u3zlS1DW0zNK =d/ab -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c5808e21-8b7c-bbff-446b-bd37a6627c25%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Q wipe files
Hello Andrew, crypto last line of defense... the last line of defense is always the crypto. So with a fractal security concept different security concepts on different security level will enhance each other. The simple idea is, if the crypto is really strong, I can throw away the keys of all removed VM1s. If the crypto is working correct, even if some file-copies are left on the system in some strange corners, nobody can recover it. The best would be that all keys are stored on an external storage, which can be removed or destroyed more easily. The physical security is zero, if you are not a owner of a well-armed bunker area in the deep ground. Even for me happens a break-in and out. No material things get moved... But you might get a disk-copy quite fast, if you gain the full physicall access to a PC. https://www.sandisk.com/about/media-center/press-releases/2015/sandisk-expands-into-the-external-storage-market-with-world%E2%80%99s-highest-performing-portable-ssd Ok, my physical security is 0%. What can I do? How good it the login-protection to a PC? 10%? (Windows 98 you can just invent a new user-name and a new password and you will see all data on this PC. Is this a OS with a password-protection?) babf bug and backdoor free babf Disk Encryption 10% smart policy, which works also in the practice 99.% smart Q-OS separation of data and apps 99.% smart Q-OS compartmentalization and save copy and paste 99.% & 99.% smart password management 10% smart password complexity 30% smart non-deterministic random to gain un-guessable passwords 1% system is free of other weaknesses 1% So my data will be safe for 30%. Can I do it better? Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/71d5e8a2-9036-4424-aac7-80d1ded958e5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Q wipe files
Hello Chris, Hello Andrew, The problem in theory is always the same, if some malicious intended party is involved... Business Case for confidentiality and integrity: i) Avoid that some information shows up, which should be secret (like a business plan) ii) Avoid that some important information suddenly disappears, which must be in place (like the tax-declaration) iii) And sure to avoid any kind manipulation on the data is not possible or at least detected (and backup), so always the original data get processed. Q-Solution: Would be this some plan A to reach it? - VM0G VM0Y, VM0R to store all data from green, yellow and red VMs (I think that's fin) - VM1G, VM1Y, VM1R processing the data with the green, yellow and red Apps and with move-to-vm they get send to the VM0x (I think that's fin) - All VMs are encrypted with two different ciphers and separate keys - I can define the key-length, the alphabet which uses the keys and the entropy of the keys, so that guessing the keys are not possible - So I can re-setup the VM1x frequently and if some data are left, nobody can reconstruct it Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/eefa5cfb-2bfd-499c-b037-a1452c7c8de9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
