Creating an encrypted directory during the server installation
2008/9/22 Dustin Kirkland <kirkland@canonical.com>:
> I think the Ubuntu Server has an opportunity to _lead_ in the Linux
> server industry in this case. And I think the new question in the
> installer actually provides exposure to this feature that is otherwise
> buried in the new /usr/bin/ecryptfs-setup-private command line
> utility.
>
I am now convinced of the usefulness of this feature that makes sense,
and as it is just applied on a dedicated directory Private, the cost
of the protection on the server is low enough to ask for this small
question on the server installation. It can make people aware of the
encryption gain they can have. (and it is normal also to me for a
server to have more questions at installation time than for desktop).
Maybe the prompt can also
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
09-23-2008, 02:40 AM
James Troup
Rick Clark <rick.clark@ubuntu.com> writes:
> While I think we need to take a very close look at installer
> usability in the future, I think that adding this question makes
> little difference. It is easy to preseed it and avoid all
> questions.
Err, what?
a) if we take that attitude to each new potential question, then we'll
soon lose sight of the 'minimal questions during install' goal
that was (is?) an original feature/target of Ubuntu
b) preseed is great, but I think calling it 'easy' is, well,
optimistic
The encrypted directory feature is great stuff but I really don't
think it's worth adding as a question to all server installs for it;
at least not in the default mode.
--
James
09-23-2008, 06:46 AM
Thierry Carrez
I think encryption (whether full-disk or private encrypted dir) is an
absolute necessity on laptops. The private encrypted dir solution, with
its small performance hit, should even be enabled by default as a best
practice.
For desktops/servers, it can be useful, so it's more a question of
visibility of the feature vs. usability of the installer. At that point
I think we can still have an extra screen. However in the near future we
need to redesign the installer / tasksel screens so that we can expose
more and more features/stacks/roles to be installed on the server
without bloating the installer or hurting its usability.
--
Thierry Carrez
Ubuntu server team
09-23-2008, 01:27 PM
Rick Clark
On Monday 22 September 2008 21:40:56 James Troup wrote:
> Rick Clark <rick.clark@ubuntu.com> writes:
> > While I think we need to take a very close look at installer
> > usability in the future, I think that adding this question makes
> > little difference. It is easy to preseed it and avoid all
> > questions.
>
> Err, what?
>
> a) if we take that attitude to each new potential question, then we'll
> soon lose sight of the 'minimal questions during install' goal
> that was (is?) an original feature/target of Ubuntu
My point was that this one question makes little difference to me personally.
We are planning on looking at the installer for Jaunty, and adding this for
this release, to help make a feature visible seems worth it.
I am far more concerned about the tasksel list growing and the annoying
keyboard detection.
Minimal questions during install has not, as long as I have been around, been
an expressed goal of the server edition. I do agree, however, that it is a
good thing to make the install as simple and streamlined as possible. I just
don't believe asking this one question has a huge effect.
>
> b) preseed is great, but I think calling it 'easy' is, well,
> optimistic
>
That entirely depends on who you are talking about. I found it to be
relatively straightforward.
> The encrypted directory feature is great stuff but I really don't
> think it's worth adding as a question to all server installs for it;
> at least not in the default mode.
>
> --
> James
09-23-2008, 05:43 PM
"Dustin Kirkland"
I feel compelled to mention one other thing...
Often, LVM encryption is *not* an option for servers where unattended
booting is absolutely required, as LVM encryption requires a
passphrase on startup.
With an encrypted ~/Private, no passphrase is required on boot, but
rather it's mounted/unmounted on login/logout.
----
That said, let me throw out another perhaps more controversial
option... What if we didn't ask, and we just provided ~/Private
encrypted by default? If unspecified, the mount passphrase is
randomly generated from 128 bits of /dev/urandom. We can do that
completely entirely and reliably without adding a screen to the
installer, and provide the system administrator user a secure,
encrypted location to drop critical data by default on any Ubuntu
Server.
The one challenge, however, is that we'd need to communicate to the
user their randomly generated passphrase, which they would need if
they needed to take extreme measures at some point to recover their
data.
:-Dustin
09-23-2008, 05:54 PM
"Adam Sommer"
Just my opinion, but I think the secured Private directory is a good idea and having the question in the installer doesn't add excessive "clutter", "complexity", or other "c" words to the installation process. :-) I keep config files, code, etc in a VCS and will move the information into the ~/Private directory, giving it one more layer of security.
So I vote to keep the question in the installer... it's easy enough to say no and move on.
--
Party On,
Adam
09-23-2008, 06:24 PM
Ante Karamatic
On Tue, 23 Sep 2008 10:40:56 +0800
James Troup <james.troup@ubuntu.com> wrote:
> The encrypted directory feature is great stuff but I really don't
> think it's worth adding as a question to all server installs for it;
> at least not in the default mode.
I don't see a big use of it in the server area, but, to be honest, I was more
puzzled (during alpha 6 install) over new locale chooser and 'How do
you want to manage upgrades' question. The crypted one was
straightforward.
09-23-2008, 09:48 PM
Onno Benschop
On 24/09/08 01:43, Dustin Kirkland wrote:
> That said, let me throw out another perhaps more controversial
> option... What if we didn't ask, and we just provided ~/Private
> encrypted by default? If unspecified, the mount passphrase is
> randomly generated from 128 bits of /dev/urandom. We can do that
> completely entirely and reliably without adding a screen to the
> installer, and provide the system administrator user a secure,
> encrypted location to drop critical data by default on any Ubuntu
> Server
When I saw the previous posts come past I wondered if this wasn't a
better option. Leading by example.
I'm not familiar with how it's created, but could it be "built-in" as
you suggest and be created when an account is made as part of the
adduser process?
Could the (initial) pass-phrase be the user's login password?
--
Onno Benschop
Connected via Optus B3 at S31°54'06" - E115°50'39" (Yokine, WA)
--
()/)/)() ..ASCII for Onno..
|>>? ..EBCDIC for Onno..
--- -. -. --- ..Morse for Onno..
09-25-2008, 03:28 AM
"Kienan Stewart"
Hi
I was looking at the Wikipedia article on /dev/random and /dev/urandom,
having previously not used them. The article linked to a paper that
analyzed the cryptographic procedures of the /dev/random and
/dev/urandom in Linux. The main thing that I took out of the paper and the
Wikipedia article was that there was a small concern about the lack of
entropy available in /dev/random during installs and on livecds. If the
key is generated right after a reboot, it may not be sufficiently
random. I'm not sure, but this could be a thing to consider if keys are
going to be generated early in the install procedure. Would anyone else
consider this a concern?
P.S. Sorry if I sent this to someone twice, gmail only replies to the last
writer and not the list. My apologies.
On Tue, Sep 23, 2008 at 3:48 PM, Onno Benschop <onno@itmaze.com.au> wrote:
> On 24/09/08 01:43, Dustin Kirkland wrote:
> > That said, let me throw out another perhaps more controversial
> > option... What if we didn't ask, and we just provided ~/Private
> > encrypted by default? If unspecified, the mount passphrase is
> > randomly generated from 128 bits of /dev/urandom. We can do that
> > completely entirely and reliably without adding a screen to the
> > installer, and provide the system administrator user a secure,
> > encrypted location to drop critical data by default on any Ubuntu
> > Server
> When I saw the previous posts come past I wondered if this wasn't a
> better option. Leading by example.
> I'm not familiar with how it's created, but could it be "built-in" as
> you suggest and be created when an account is made as part of the
> adduser process?
> Could the (initial) pass-phrase be the user's login password?
> --
> Onno Benschop
> Connected via Optus B3 at S31°54'06" - E115°50'39" (Yokine, WA)
09-25-2008, 03:37 AM
"Michael Casadevall"
I did some work implementing /dev/random in GNU Hurd (yes, yes, I
know :-P). Static bootups are fairly constant, i.e., poor source of
entropy, so that is a major problem. However, it might be possible to
have the user provide or generate entropy (maybe a friendly message
such as "Ubuntu needs to generate entropy to encrypt your files,
please bang on the keyboard like a monkey"), or the ability to provide
a private key from another source like a USB key or something.
Michael
On Wed, Sep 24, 2008 at 11:28 PM, Kienan Stewart
<kienan.stewart@gmail.com> wrote:
> Hi
>
> I was looking at the wikipedia article on /dev/random and /dev/urandom,
> having previously not used them. The article linked to a paper that analyzed
> the cryptographic procedures of the /dev/random and /dev/urandom in linux.
> The main thing that I took out of paper and the wikipedia article was that
> there was a small concern about the lack of entropy available in /dev/random
> during installs and on livecds. If the key is generated right after a
> reboot, they may not be sufficiently random. I'm not sure, but this could be
> a thing to consider if keys are going to be generated early in the install
> procedure. Would anyone else consider this a concern?
>
> P.S. Sorry if I sent this to someone twice, gmail only replies to the last
> writer and not the list. My apologies.
>>
>> On Tue, Sep 23, 2008 at 3:48 PM, Onno Benschop <onno@itmaze.com.au> wrote:
>>>
>>> On 24/09/08 01:43, Dustin Kirkland wrote:
>>> > That said, let me throw out another perhaps more controversial
>>> > option... What if we didn't ask, and we just provided ~/Private
>>> > encrypted by default? If unspecified, the mount passphrase is
>>> > randomly generated from 128 bits of /dev/urandom. We can do that
>>> > completely entirely and reliably without adding a screen to the
>>> > installer, and provide the system administrator user a secure,
>>> > encrypted location to drop critical data by default on any Ubuntu
>>> > Server
>>> When I saw the previous posts come past I wondered if this wasn't a
>>> better option. Leading by example.
>>>
>>> I'm not familiar with how it's created, but could it be "built-in" as
>>> you suggest and be created when an account is made as part of the
>>> adduser process?
>>>
>>> Could the (initial) pass-phrase be the user's login password?
>>>
>>>
>>> --
>>> Onno Benschop
>>>
>>> Connected via Optus B3 at S31°54'06" - E115°50'39" (Yokine, WA)
>>> --
>>> ()/)/)() ..ASCII for Onno..
>>> |>>? ..EBCDIC for Onno..
>>> --- -. -. --- ..Morse for Onno..
>>>
>>> ITmaze - ABN: 56 178 057 063 - ph: 04 1219 8888 -
>>> onno@itmaze.com.au
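The entropy concern raised at the end of the thread applies directly to the 128-bit /dev/urandom mount passphrase proposed earlier. The sketch below is an added example, not code from ecryptfs-utils or the Ubuntu installer: it refuses to generate the passphrase while the kernel's entropy estimate is low. The function names and the 128-bit threshold are assumptions.

```shell
#!/bin/sh
# Added example: 128-bit mount passphrase from /dev/urandom, gated on the
# kernel's entropy estimate. Function names and threshold are assumptions.

ENTROPY_FILE=/proc/sys/kernel/random/entropy_avail  # kernel's own estimate, in bits
MIN_ENTROPY_BITS=128                                # assumed minimum before generating

# entropy_ok FILE MIN: succeed only if FILE holds a non-negative integer >= MIN.
entropy_ok() {
    [ -r "$1" ] || return 1
    avail=$(cat "$1") || return 1
    case "$avail" in
        ''|*[!0-9]*) return 1 ;;   # missing or non-numeric value: treat as unsafe
    esac
    [ "$avail" -ge "$2" ]
}

# gen_mount_passphrase: read 16 bytes (128 bits) and print them as 32 hex chars.
gen_mount_passphrase() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# new_passphrase [FILE]: print a passphrase on stdout, or fail with a message
# on stderr when the estimate read from FILE (default: ENTROPY_FILE) is too low.
new_passphrase() {
    if ! entropy_ok "${1:-$ENTROPY_FILE}" "$MIN_ENTROPY_BITS"; then
        echo "entropy estimate below $MIN_ENTROPY_BITS bits; not generating a passphrase" >&2
        return 1
    fi
    gen_mount_passphrase
}
```

Sourcing the file and calling `new_passphrase` with no argument checks the live kernel estimate; an installer that gets a failure can delay key generation or collect more input events before retrying.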