[ANNOUNCE] ROCKate Tor LiveCD V0.4.0.0
Benjamin Schieder
blindcoder at scavenger.homeip.net
Fri Jun 22 06:00:33 UTC 2007
On 21.06.2007 14:03:14, coderman wrote:
> On 6/21/07, Benjamin Schieder <blindcoder at scavenger.homeip.net> wrote:
> >Since running `dmsetup table' still gives the required line to decrypt the
> >block device and LiveCDs generally do not have a secure `root' account,
> >running `dmsetup remove my_tor_home' after mount should be obvious.
>
> what about saving changes later? require re-auth and remount?

The mount will stay (and appear as /dev/mapper/my_tor_home on /home). It's
just the /dev/mapper_my_tor_home device and entry in `dmsetup table' that
will vanish.

> >> key scrubbing and robust key schedule (less data is encrypted per key
> >> than the others) for loop-aes multi-v3 may provide a useful benefit
> >> depending on your needs...
> >
> >The need is a Tor LiveCD.
>
> intended usage and environment is a better description. if the LiveCD
> is used for a client only, no long term identity keys stored, then any
> of the above should be fine. (this sounds like what you envision near
> term).

That's the one. I don't intend to have a Tor server LiveCD.

> 0. pre-boot auth:
> i like to use a small initrd to do this with a kernel configured
> without networking and other unnecessary device support. pivot_root,
> kexec, and exec init work well in this context...

The good thing is: The ROCK Linux initrd already supports exactly that.
It's how I set up my root-on-raid and encrypted-home-on-raid before
booting the system.

Greetings,
Benjamin
--
The Nethack IdleRPG! Idle to your favorite Nethack messages!
http://pallas.crash-override.net/nethackidle/
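
Added example, not part of the original message or of ROCKate: a small audit check for the exposure discussed in this thread, which parses `dmsetup table` output and reports crypt mappings whose line still carries usable key material. The sample output, the name `scrubbed_home` and the function name are constructed for illustration; treating an all-zero key field as "masked by the tool" is an assumption.

```python
import re

# Constructed sample of `dmsetup table` output (not taken from the post).
# Crypt target fields after the name:
#   start length crypt cipher key iv_offset device offset
SAMPLE = """\
my_tor_home: 0 409600 crypt aes-cbc-essiv:sha256 00112233445566778899aabbccddeeff 0 7:0 0
scrubbed_home: 0 409600 crypt aes-cbc-essiv:sha256 00000000000000000000000000000000 0 7:1 0
vg0-root: 0 2097152 linear 8:2 2048
"""

HEX_KEY = re.compile(r"^[0-9a-fA-F]+$")


def exposed_crypt_mappings(table_text):
    """Return names of crypt mappings whose table line shows a usable hex key."""
    exposed = []
    for line in table_text.splitlines():
        name, sep, rest = line.partition(": ")
        fields = rest.split()
        # Skip malformed lines and every target type other than crypt.
        if not sep or len(fields) < 5 or fields[2] != "crypt":
            continue
        key = fields[4]
        # Assumption: an all-zero field means the key was masked by the tool,
        # and a non-hex field (e.g. a keyring reference) holds no raw key.
        if HEX_KEY.match(key) and set(key) != {"0"}:
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    for mapping in exposed_crypt_mappings(SAMPLE):
        print("key readable via dmsetup table:", mapping)
```

On a live system the same function can be fed the captured output of `dmsetup table` run as root.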