Menu
▾
▴
vncrypt-users — Questions about vncrypt usage
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
(3) |
Mar
|
Apr
|
May
|
Jun
|
Jul
(4) |
Aug
(2) |
Sep
|
Oct
(2) |
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
(1) |
Feb
(2) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(9) |
Oct
|
Nov
|
Dec
|
| 2004 |
Jan
(6) |
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Andrey S. <bl...@in...> - 2004-06-08 07:40:57
|
On Mon, 7 Jun 2004 19:02:04 +0200, newbie <ta...@gm...> wrote: > I wonder whether it is possible to setup an encrypted root filesystem > with vncrypt? Sorry, no way. |
|
From: newbie <ta...@gm...> - 2004-06-07 17:01:02
|
hello, I wonder whether it is possible to setup an encrypted root filesystem with vncrypt? Unfortunately, I couldn't find any hints via Google. thx for your help. greets, richard |
|
From: Andrey S. <bl...@ru...> - 2004-01-26 18:25:23
|
Monday, January 26, 2004, 9:15:35 PM, you wrote: >> NEVER store your password in file, write it on sticker or do >> something like this. Reading password from descriptor was implemented >> for GUI developers, not for storing passwords on disk. >> i> I use it to get the password off a smart-card or usb-ram-drive i> which also holds the crypto key :) Use shell features vncryptctl -p 99 99< /mnt/usb_drive/evil_plaintext_password -- Best regards, Andrey mailto:bl...@ru... |
|
From: irq <ir...@ir...> - 2004-01-26 18:15:44
|
On Mon, 26 Jan 2004 11:36:40 +0300 Andrey Sverdlichenko <bl...@in...> wrote > Sunday, January 25, 2004, 3:55:33 AM, you wrote: > > b> a little patch to read the password from a <filename> and not <filedescriptor> > > This is EVIL :) thats why i love it soooo much ;-) > NEVER store your password in file, write it on sticker or do > something like this. Reading password from descriptor was implemented > for GUI developers, not for storing passwords on disk. > I use it to get the password off a smart-card or usb-ram-drive which also holds the crypto key :) cheers //j |
|
From: Andrey S. <bl...@in...> - 2004-01-26 08:38:12
|
Sunday, January 25, 2004, 3:55:33 AM, you wrote: b> a little patch to read the password from a <filename> and not <filedescriptor> This is EVIL :) NEVER store your password in file, write it on sticker or do something like this. Reading password from descriptor was implemented for GUI developers, not for storing passwords on disk. -- Best regards, Andrey mailto:bl...@in... |
|
From: Andrey S. <bl...@in...> - 2004-01-26 08:33:04
|
Sunday, January 25, 2004, 3:37:14 AM, you wrote: b> hello, b> is it possible to use more the 1 crypted virtual disk b> with different keys ? Sure. Disks are completely independent. -- Best regards, Andrey mailto:bl...@in... |
|
From: bofn <bo...@ir...> - 2004-01-25 00:55:40
|
Hello again, a little patch to read the password from a <filename> and not <filedescriptor> Cheers //j |
|
From: bofn <bo...@ir...> - 2004-01-25 00:37:22
|
hello, is it possible to use more the 1 crypted virtual disk with different keys ? Cheers //j |
|
From: Andrey S. <bl...@ru...> - 2003-09-11 07:55:34
|
Tuesday, September 9, 2003, 7:26:15 PM, you wrote: JM> well, i agree on the paranoid stuff, but i would say that if JM> you're a sysadmin, either you're paranoid before applying JM> for the job either you become quickly paranoid ! personnaly i was JM> a little before applying and got more and more as time goes by ! IANARCE (I Am Not A Real Crypto Expert :) but it looks like covering Abrams tank with some wood plates, "to increase armor strength". Computing passphrase entropy and requiring it to be "good enough" will be more useful security feature than some complex algorithms protecting against potential AES weakness. JM> and that's partly why i'm not using the corporate OS/software that JM> my company wants its employees to use on my laptop JM> but a nice, stable and as secure as possible freebsd JM> for the benchmarking of GBDE and mdcrypt i can find some time to JM> do some and let you know the results asap Thanks. I'm very interested how much this additional security costs, and I have no 5.x installed right now. -- Best regards, Andrey mailto:bl...@ru... |
|
From: Jean M. <jm...@pl...> - 2003-09-09 15:28:23
|
Hi :) not drunk anymore ? how is your head ;) for the english it's ok, it's not my mother tongue either so..! well, i agree on the paranoid stuff, but i would say that if you're a sysadmin, either you're paranoid before applying for the job either you become quickly paranoid ! personnaly i was a little before applying and got more and more as time goes by ! and that's partly why i'm not using the corporate OS/software that my company wants its employees to use on my laptop but a nice, stable and as secure as possible freebsd for the benchmarking of GBDE and mdcrypt i can find some time to do some and let you know the results asap see ya ! -j. On Sun, 7 Sep 2003 00:13:14 +0400, relay.infosec.ru wrote > > can't reply to this, but with GEOM/BDE now existing in 5.x i doubt it. it > > already seems that tcfs, from the ports also, has been abandonned. i don't > > know if vncrypt is still supported or at least will be upgraded to 5.x or > > follow the same path. there is not much talk in the ML since i applied, > so... > > Looking at GBDE, i thought its _TOO_MUCH_PARANOID_ (anyone really care about > AES insecurity? REALLY?) and looking at mdcrypt/vncrypt development. Can > anyone make some performance tests on mdcrypt and GBDE? Vncrypt was not > developed last year mostly because there is no user feedback at all, and > there is only few questions about 5-X version in last two months. > > Sorry for bad english, it's not my native, and i'm on vacation, drunk and so > on :))))) > -- No trees were destroyed in the sending of this message, however a significant number of electrons were terribly inconvenienced. |
|
From: relay.infosec.ru <bl...@ru...> - 2003-09-06 20:24:17
|
> done 240 gigs. Took 6 hours to make the dummy file. What is "dummy file"? Crypto container or file on crypto disk? >> works fine, afaik, under 4.x, i was unable to compile it for 5.1, so i had to >> dump files from one box to another when i upgraded my system to 5.1 > Haven't been able to compile either. Also, the sourceforge site suggests that it never will. Vncrypt never will, trust me :) mdcrypt is for 5.x-CURRENT. http://sourceforge.net/forum/forum.php?forum_id=204869 Almost same code, but in another "wrapper". |
|
From: relay.infosec.ru <bl...@ru...> - 2003-09-06 20:14:29
|
> can't reply to this, but with GEOM/BDE now existing in 5.x i doubt it. it > already seems that tcfs, from the ports also, has been abandonned. i don't > know if vncrypt is still supported or at least will be upgraded to 5.x or > follow the same path. there is not much talk in the ML since i applied, so... Looking at GBDE, i thought its _TOO_MUCH_PARANOID_ (anyone really care about AES insecurity? REALLY?) and looking at mdcrypt/vncrypt development. Can anyone make some performance tests on mdcrypt and GBDE? Vncrypt was not developed last year mostly because there is no user feedback at all, and there is only few questions about 5-X version in last two months. Sorry for bad english, it's not my native, and i'm on vacation, drunk and so on :))))) |
|
From: Andrey S. <bl...@ru...> - 2003-09-05 18:36:08
|
> It is calamity when missing keyfile,so encrypt virtdisk with password only > is good idea,can it come true? It is not a good idea. Passwords are not random enough to be used for direct disk encryption. > The other questions: > 1 How big file vncrypt can support? As big as any other freebsd file, 2^64 bytes, AFAIK. There is no additional restrictions. > 2 Can it work stable under 4.8 and 5.1 or higher? Vncrypt works on 4-stable only. There is mdcrypt patch for current, i made it about a year ago. There is reports that it works on 5.1-RELEASE. > 3 The virtdisk was made under 4.8, would it be used under 5.1 or higher? mdcrypt is compatible with vncrypt. |
|
From: Jean M. <jm...@pl...> - 2003-09-03 22:54:32
|
On Wed, 3 Sep 2003 21:56:38 +0300, Tommi L=E4tti wrote > On Wed, Sep 03, 2003 at 07:35:53PM +0100, Jean Martin wrote: > > > The other questions: > > > 1,How big file vncrypt can support?10G=A1=A220G=A3=BF or more? > >=20 > > i experienced up to 80Go, my guess is that it can even work with bigg= er=20 disks > > bad luck it's slow to read/write data encrypted, but one can't have=20 > > performance and security at the same time >=20 > done 240 gigs. Took 6 hours to make the dummy file. 'only' 6 hours for 240Go, which crypto was used ? i recall i had roughly around this time for my 80Go, using cbc-blowfish m= ax=20 level availlable, and i'm not sure i was blocked because of the load. to=20 improve speed i would have had to use a lesser encryption level/algo but=20 security was most important. > > > 2=A3=ACCan it work stable under 4.8 and 5.1 or higher? > >=20 > > works fine, afaik, under 4.x, i was unable to compile it for 5.1, so = i had=20 to=20 > > dump files from one box to another when i upgraded my system to 5.1 >=20 > Haven't been able to compile either. Also, the sourceforge site=20 > suggests that it never will. most probably, yep. > I'd give a serious thought to moving to GEOMBDE=20 > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypt= ing. html > Gives loads of performance while incorporating better cryptographic=20 algortihms. i fully agree on this, much more than vncrypt does ever, but the more=20 powerfull your box is the more you can get from it as i have been able to= =20 experience, which is something i couldn't get with vncrypt it seemed to r= each=20 a bottleneck whatever CPU i used (but it may be because of me not doing t= he=20 right things.. unlikely but..) and i got better crypto and functionalitie= s,=20 but this is OT. so, quoting myself, one can't have both security and performance. however to stay close to this ML main theme, and to get back to the origi= nal=20 post, if you want to avoid keyfile considering it to be a single point of= =20 failure or else, GEOM/BDE is a possible alternative, vncrypt won't provid= e=20 this kind of trick because of it's concept but bear in mind that either solution makes you stick to one or the other= =20 architecture as you can't mix vncrypt with 5.1+ or bde with 4.x, at prese= nt at=20 least. thus making each of them complementary regarding to your system. -J. > --=20 > Sty -- No trees were destroyed in the sending of this message, however a significant number of electrons were terribly inconvenienced. |
|
From: Tommi <st...@ik...> - 2003-09-03 18:56:44
|
On Wed, Sep 03, 2003 at 07:35:53PM +0100, Jean Martin wrote: > > The other questions: > > 1,How big file vncrypt can support?10G=A1=A220G=A3=BF or more? >=20 > i experienced up to 80Go, my guess is that it can even work with bigger= disks > bad luck it's slow to read/write data encrypted, but one can't have=20 > performance and security at the same time done 240 gigs. Took 6 hours to make the dummy file. > > 2=A3=ACCan it work stable under 4.8 and 5.1 or higher? >=20 > works fine, afaik, under 4.x, i was unable to compile it for 5.1, so i = had to=20 > dump files from one box to another when i upgraded my system to 5.1 Haven't been able to compile either. Also, the sourceforge site suggests = that it never will. I'd give a serious thought to moving to GEOMBDE http://www.freebsd.org/do= c/en_US.ISO8859-1/books/handbook/disks-encrypting.html Gives loads of performance while incorporating better cryptographic algor= tihms. --=20 Sty |
|
From: Jean M. <jm...@pl...> - 2003-09-03 18:37:55
|
hi On Thu, 04 Sep 2003 00:15:04 +0800, ide wrote > It is calamity when missing keyfile,so encrypt virtdisk with=20 > password only is good idea,can it come true? not sure this is feasible, imho. but i'm no coder. why not backing up keyfile offsite ? > The other questions: > 1,How big file vncrypt can support?10G=A1=A220G=A3=BF or more? i experienced up to 80Go, my guess is that it can even work with bigger d= isks bad luck it's slow to read/write data encrypted, but one can't have=20 performance and security at the same time > 2=A3=ACCan it work stable under 4.8 and 5.1 or higher? works fine, afaik, under 4.x, i was unable to compile it for 5.1, so i ha= d to=20 dump files from one box to another when i upgraded my system to 5.1 > 3,The virtdisk was made under 4.8, would it be used under 5.1 or higher= ? can't reply to this, but with GEOM/BDE now existing in 5.x i doubt it. it= =20 already seems that tcfs, from the ports also, has been abandonned. i don'= t=20 know if vncrypt is still supported or at least will be upgraded to 5.x or= =20 follow the same path. there is not much talk in the ML since i applied, s= o... -J. -- No trees were destroyed in the sending of this message, however a significant number of electrons were terribly inconvenienced. |
|
From: ide <id...@my...> - 2003-09-03 16:15:03
|
It is calamity when missing keyfile,so encrypt virtdisk with password only = is good idea,can it come true? The other questions: 1,How big file vncrypt can support?10G=A1=A220G=A3=BF or more? 2=A3=ACCan it work stable under 4.8 and 5.1 or higher? 3,The virtdisk was made under 4.8, would it be used under 5.1 or higher? |
|
From: Andrew G. S. <Bl...@in...> - 2003-02-13 10:39:21
|
Hello. As I just found, mailserver filtered some messages from sourceforge last half year, so I never seen them. Sorry :(((( If someone still care about this messages, this is replies: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D From: Dave Simpson <du...@ya...> Subject: [vncrypt-users] vncrypt and Freebsd 5.0 error When trying to install get this error on 5.0 In file included from /home/am/vncrypt-1.1/src/sys/dev/vncrypt/vn2.c:70: @/sys/buf.h:102: field `b_io' has incomplete type @/sys/buf.h:371: confused by earlier errors, bailing out *** Error code 1 =3D=3D=3D=3D=3D=3D=3D Vncrypt does not work on 5.0. Please read this http://sourceforge.net/forum/forum.php?forum_id=3D204869 and try mdcrypt or encryption subsystem included in CURRENT. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D From: fs...@MI... Subject: [vncrypt-users] Question Regarding Near-Full File Systems Hi! First of all, thank you for creating vncrypt! It works great. I just have one question: I'm guessing that if a file gets encrypted, usually it will become bigger. So... if I create a vncrypt file system, and "df" reports that it now has 10000 free inodes, does that mean I can copy any data (up to 10000 inodes of data) into the file system (even data that expand a lot when encrypted), and I don't have to worry that the underlying virtual file may run out of space? =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Vncrypt does not encrypt files, it works with raw disk blocks. Blocks do not increase in size when encrypted and vncrypt disk works just like normal vn disk in any way. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D From: Andrey Ivaschenko <ai...@ma...> Subject: [vncrypt-users] Trouble At attempt to collect the package the error message was obtained: --------------------cut------------------------------------------- cc -O -pipe -I/usr/local/src/vncrypt-1.0/src/bin/vndecrypt/../../sys/ -I/usr/local/src/vncrypt-1.0/src/bin/vndecrypt/../vncryptctl -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wno-uninitialized -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wnon-const-format -Wno-format-extra-args -o vndecrypt main.o utils.o algs.o bf_cbc.o -lcrypto utils.o: In function `get_key_from_passphrase': utils.o(.text+0x18): undefined reference to `passfd' utils.o(.text+0x75): undefined reference to `passfd' utils.o(.text+0xc6): undefined reference to `passfd' *** Error code 1 --------------------cut------------------------------------------- the Variable passfd is defined in vncryptctl.h file as:=20 extern int passfd;=20 Searches of definition of this variable in sources the package=20 and a nucleus did not give any result.=20 Attempt to replace definition passfd was made on:=20 int passfd; After that the package was successfully going,=20 installed and like - @ works:))) it Is an error in the package=20 or all the same there should be a variable passfd and my=20 applied art will get out a side?=20 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D This is an error in vncrypt-1.0 :( Fixed in vncrypt-1.1. ---------------------------------------------------------------------------= -- This footnote confirms that this email message has been swept by ClearSwift= MAILsweeper for Content Security threats, including computer viruses. |
|
From: Dave S. <du...@ya...> - 2003-02-09 20:11:55
|
When trying to install get this error on 5.0 In file included from /home/am/vncrypt-1.1/src/sys/dev/vncrypt/vn2.c:70: @/sys/buf.h:102: field `b_io' has incomplete type @/sys/buf.h:371: confused by earlier errors, bailing out *** Error code 1 Stop in /home/am/vncrypt-1.1/src/sys/modules/vncrypt. *** Error code 1 Stop in /home/am/vncrypt-1.1/src. *** Error code 1 Stop in /home/am/vncrypt-1.1. I get the same error with 1.0 in the PORTS collection. Looks like a nice package. What am I missing? Thanks __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com |
|
From: Andrew G. S. <Bl...@in...> - 2003-01-29 11:50:32
|
vncrypt-1.1 avaliable for download. Nothing really new, just a minor bugfixes. ---------------------------------------------------------------------------= -- This footnote confirms that this email message has been swept by ClearSwift= MAILsweeper for Content Security threats, including computer viruses. |
|
From: <fs...@MI...> - 2002-10-12 21:44:40
|
Hi! First of all, thank you for creating vncrypt! It works great. I just have one question: I'm guessing that if a file gets encrypted, usually it will become bigger. So... if I create a vncrypt file system, and "df" reports that it now has 10000 free inodes, does that mean I can copy any data (up to 10000 inodes of data) into the file system (even data that expand a lot when encrypted), and I don't have to worry that the underlying virtual file may run out of space? Thanks! |
|
From: Andrey I. <ai...@ma...> - 2002-10-01 11:13:29
|
Hi!
At attempt to collect the package the error message was obtained:
--------------------cut-------------------------------------------
cc -O -pipe -I/usr/local/src/vncrypt-1.0/src/bin/vndecrypt/../../sys/
-I/usr/local/src/vncrypt-1.0/src/bin/vndecrypt/../vncryptctl -W -Wall -Wstrict-prototypes -Wmissing-prototypes
-Wpointer-arith -Wno-uninitialized -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wnon-const-format
-Wno-format-extra-args -o vndecrypt main.o utils.o algs.o bf_cbc.o -lcrypto
utils.o: In function `get_key_from_passphrase':
utils.o(.text+0x18): undefined reference to `passfd'
utils.o(.text+0x75): undefined reference to `passfd'
utils.o(.text+0xc6): undefined reference to `passfd'
*** Error code 1
--------------------cut-------------------------------------------
the Variable passfd is defined in vncryptctl.h file as:
extern int passfd;
Searches of definition of this variable in sources the package
and a nucleus did not give any result.
Attempt to replace definition passfd was made on:
int passfd;
After that the package was successfully going,
installed and like - @ works:))) it Is an error in the package
or all the same there should be a variable passfd and my
applied art will get out a side?
OS: FreeBSD proxy 4.5-RELEASE FreeBSD 4.5-RELEASE #3:
Fri Apr 26 16:37:58 EEST 2002
root@proxy:/usr/src/sys/compile/GOK.20020423 i386
Package: vncrypt-1.0
--
Best regards,
Andrey mailto:ai...@ma...
|
|
From: Bill O'H. <wmo...@re...> - 2002-08-27 17:43:28
|
On Wed, Aug 21, 2002 at 03:57:35PM +0500, Andrey Sverdlichenko wrote: > You can download patch from http://tolok.net/mdcrypt-1.0.diff.gz > > You have to recompile your kernel with > > device md > options MD_CRYPT > > or do > > kldload md > kldload mdcrypt > > Timeout feature not implemented, but otherwise this patch is compatible > with vncrypt (both disks and keyfiles). > > Please report any problems. > I hard a hard getting the pieces of the patch in the right places, but that might have been because I was clumsy and stupid with patch rather than from any real problems. Once the code was in the right directories, it compiled up and ran nicely. Good work, Andrey! -Bill |
|
From: Andrey S. <bl...@to...> - 2002-08-21 10:58:05
|
You can download patch from http://tolok.net/mdcrypt-1.0.diff.gz You have to recompile your kernel with device md options MD_CRYPT or do kldload md kldload mdcrypt Timeout feature not implemented, but otherwise this patch is compatible with vncrypt (both disks and keyfiles). Please report any problems. |
|
From: Andrey S. <bl...@in...> - 2002-07-26 12:29:03
|
On Fri, 2002-07-26 at 17:00, Dave Raven wrote: > I need to have a fully unattended boot. > > I plan to sell the hard drive I'm talking about (in a box of > course) but as a product. Now if someone was to remove > the disk drive, and mount it on another FreeBSD box, > how can I prevent him from viewing whats in the virtual > drive - if he can see all my startup files. No way. Think about fully controlled environment like vmware, where any request to any hardware can be intercepted and "correct" answer can be returned. If attacker knows this answers, there is no way to decide is this original computer or not. And anyone with phisical access to computer can not only steal your hard drive, but also insert another, boot and collect any required information. This is why any copy-protection fails :) Sorry, but you need some secret and you must store it separate from computer, so it can't be stolen. And this breaks unattended boot, because you need to put this secret back to computer. |
