Encryption

I have covered just about everything possible for drive encryption in OpenBSD. My last post is on using the least recommended option for encrypted volumes. It is slower, unsupported, and unfortunately the best option for seamless operations :) The best way to think about svnd is if you have used truecrypt, it is very similar in that you create an image rather than actually encrypting the entire partition. Using some fancy linking and auto mounts you can use it for hosting your /home /tmp and others. The instructions are below, but unlike the last howto it assumes your system is already installed. This is because svnd does not require you to modify the system prior to /install and can be a good security implementation to use if you are already up and running: ...

My original idea was to post a dual how-to for both softraid and svnd, but due to the size of the posts with screenshots, I have decided against that. Since softraid is the path forward in the OpenBSD world I will start here. This post is not dial-up friendly, so be patient while it loads from my poor server. This post is part of my larger OpenBSD crypto series for which the other posts are below: ...

It is unfortunate, but the OpenBSD disk encryption tool-sets are no where near as mature as those found in FreeBSD or Linux. You would think with such a security focused operating system that disk encryption would be a no brainer. You would be wrong. On OpenBSD -misc mailing list you often get this impression with them: XKCD - Security ...

Letter Written in Cipher on Mourning Paper by Rose Greenhow If you have been following my posts as of late, you will have seen that I am on a anonymous bend. Some of my friends have wondered why I was seeking to disappear digitally and if that is the takeaway from my work it should not be. By the very act of posting this information I am by nature not anonymous. I think its important as our society becomes more open that we are able to close and keep private what we want. The option should always be yours. In that vein this post will cover email storage and usage. ...

Rakkhi posted a great Lessons Learned on implementing email encryption: http://rakkhi.blogspot.com/2010/08/implementing-email-encryption-lessons.html The post got me thinking because I struggle dealing with subcontractors getting encryption. I refuse to send sensitive or even somewhat sensitive data over unencrypted links, but find that small (and even midsize companies) do not have the resources to implement. In a bind I have trained them on installing GnuPG and doing trusted exchanges, but the same pitfalls occur. ...