Contributed by jose
from the private-disk-devices dept.
Pete writes:
"Hi!
As a security consultant, I spend a lot of time travelling & unfortunately often have customer confidential data (with permission) on my laptop HDD. I use a PowerBook G4 with dual-boot OBSD & OSX. Currently I store my confidential data in OSX encrypted disk images. I'm keen to push it over to an OBSD vnode type hideaway. At the same time I'd like to utilise one of these cheap USB keychain dongles to store my de/encryption 'keys' on. So my question is: does anyone have any experience of this? E.g. which makes are cheap/robust/secure & how do they appear to OBSD (IDE disk or ?)
thanks... "
Actually, I have one of these also with an encrypted filesystem on it, and it's damn handy. I used vnconfig -k, however. Any recipes that don't use that method?
I keep my keys and portable data on Compact Flash (CF) cards.
I have a tiny USB-CF reader, a CF-to-PCMCIA sled, an ATA-to-CF adaptor, and a stack of CF cards of various sizes. This gives me better speed, scalability, cost-effectiveness and future-proofing than USB "flash keys".
CF cards are cheaper (locally) per meg than USB-flash, and I can still interop with systems that don't have USB, such as my elderly laptop.
(BTW, usb-cf and usb-flash appear as SCSI drives, since the usb mass-storage profile uses the scsi command set)
By jenny () ireland@mmathias.com on openbsd.mmathias.com
I use one of those small diameter CD-R's for storing my keyfiles. They are very cheap, you can easily destroy them and there might even be CD-RW's out there. I think one of those discs can store up to 250 megs and they can be used in any computer that has a CD-ROM drive - no need for a CF slot!
I don't know how handy those would be with the slot loading drive the PowerBook uses. But for a tray loading CD drive it'd be swell.
By Anonymous Coward () on
Yup, the CD-RW's are out there. They actually hold more than the CD-R's from the types I've run across so far.
By jenny () ireland@mmathias.com on openbsd.mmathias.com
Yes, I can really recommend using them. You can even burn some of your favorite music and listen to it on your car CD player (if it supports the small diameter CDs). :-)
By Anonymous Coward () on
Those will *not* work with slot loading cd drives. :(
By Anonymous Coward () on
Wasn't there some part of FreeBSD (GEOS or something) that was imported that would let it do encrypted FS in a way that doesn't suck (ie, vnode)?
By Anonymous Coward () on
Install PAM and pam_usb module.
It runs fine on my Linux laptop, and only when I insert my USB key and type in my password can I mount the encrypted filesystem.
I use a 64 MB USB key for private files, and I used dd to create a large file, vnconfig -k to use the file as a filesystem with an encryption key, and then I just mount the vnd0 device as a disk after that. Easy as pie ...
I use a Memorex 256Mb USB flash drive to hold all of my ssh keys. The mount of the pendrive is handled by amd. The keys are stored on a cfs encrypted directory. A simple script pulls up ssh-askpass to get the cfs volume's passphrase, handles the attach, adds the keys to my ssh-agent and then disassembles the whole thing. The primary security is in the fact that the cattach times out after like 10 seconds and the keys are on the USB thumbdrive with me.
I got a question in email about how I did this. I posted the steps at my website:
pendrive-ssh-keys
It's really rough. Send me questions
--Chris
By Anonymous Coward () on
When I need to encrypt some files fast&easy, I just put them in a tarball, and encrypt that:
$ tar cvzf - ./* | openssl enc -bf -out encrypted.tgz
(don't forget to wipe out the original files)
and to decrypt it again:
$ openssl enc -bf -d -in encrypted.tgz | tar xvzf -
It's not perfect, but it's nice for safely transporting sensitive data, eg. on a floppy/cdrom.
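One way to script the tar-and-openssl approach from the comment above so that the originals are removed only after the archive has been shown to decrypt; this is an added example, not part of the original thread. It assumes OpenSSL 1.1.1 or later, swaps AES-256-CBC with PBKDF2 in for `-bf`, and the function names and the passphrase-file argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes OpenSSL 1.1.1+ for -pbkdf2;
# AES-256-CBC replaces the thread's -bf, and the passphrase is read from the
# first line of a file so the functions can run unattended.

# seal_dir <src_dir> <archive> <passfile>: tar + encrypt, archive mode 0600
seal_dir() {
    ( umask 077
      tar -C "$1" -czf - . |
          openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$3" -out "$2" )
}

# list_archive <archive> <passfile>: decrypt inside a pipe and print the
# sorted member names; no plaintext is written to disk
list_archive() {
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$2" -in "$1" 2>/dev/null |
        tar -tzf - 2>/dev/null | sed 's|/$||' | sort
}

# verify_archive <src_dir> <archive> <passfile>: succeed only if the archive
# decrypts and lists exactly the entries found under src_dir
verify_archive() {
    want=$( cd "$1" && find . | sort )
    got=$( list_archive "$2" "$3" )
    [ -n "$got" ] && [ "$want" = "$got" ]
}

# seal_then_wipe <src_dir> <archive> <passfile>: originals are deleted only
# after the archive has been proven readable
seal_then_wipe() {
    seal_dir "$1" "$2" "$3" || return 1
    verify_archive "$1" "$2" "$3" ||
        { echo "verify failed, originals kept" >&2; return 1; }
    # rm -P overwrites before unlinking on OpenBSD; fall back to plain rm
    find "$1" -type f -exec rm -P {} + 2>/dev/null ||
        find "$1" -type f -exec rm -f {} +
}
```

`openssl enc` in CBC mode carries no authentication tag, so this check catches a wrong passphrase or a damaged copy, not deliberate tampering. `rm -P` cannot guarantee erasure on flash media.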
By Anonymous Coward () on
Dug Song has a script you may want to look at:
http://www.monkey.org/~dugsong/tmp/aestar
By ann onimous () on
GPG anyone?
By Anonymous Coward () on
We're all lazy bums, and gpg has to be installed, while openssh comes with default install :) lol
By Christopher Biggs () unixbigot@pobox.com on mailto:unixbigot@pobox.com
By jenny () ireland@mmathias.com on openbsd.mmathias.com
By Nathan Ryan Milford () nmilford@hotmail on mailto:nmilford@hotmail
By Anonymous Coward () on
By jenny () ireland@mmathias.com on openbsd.mmathias.com
By Anonymous Coward () on
By Anonymous Coward () on
By Anonymous Coward () on
By jose () on http://monkey.org/~jose/
By Chris Hilton () ecks@vindaloo.com on mailto:ecks@vindaloo.com
By Chris Hilton () ecks@vindaloo.com on http://www.vindaloo.com/~chris
By Anonymous Coward () on
By Anonymous Coward () on
By ann onimous () on
By Anonymous Coward () on
No, seriously, of course GPG is an option too!