https://geekyschmidt.com/tags/encryption/Recent content in Encryption onHugo -- 0.160.1enCopyright © 2002–2025, Nicholas Schmidt; all rights reserved.Mon, 24 Jan 2011 13:04:58 +0000https://geekyschmidt.com/2011/01/24/configuring-openbsd-svnd-for-encrypted-volumes/Mon, 24 Jan 2011 13:04:58 +0000https://geekyschmidt.com/2011/01/24/configuring-openbsd-svnd-for-encrypted-volumes/<p>I have covered just about everything possible for drive encryption in OpenBSD. My last post is on using the least recommended option for encrypted volumes. It is slower, unsupported, and unfortunately the best option for seamless operations :) The best way to think about svnd is if you have used truecrypt, it is very similar in that you create an image rather than actually encrypting the entire partition. Using some fancy linking and auto mounts you can use it for hosting your /home /tmp and others. The instructions are below, but unlike the last howto it assumes your system is already installed. This is because svnd does not require you to modify the system prior to /install and can be a good security implementation to use if you are already up and running:</p>https://geekyschmidt.com/2011/01/19/configuring-openbsd-softraid-fo-encryption/Wed, 19 Jan 2011 12:30:15 +0000https://geekyschmidt.com/2011/01/19/configuring-openbsd-softraid-fo-encryption/<p>My original idea was to post a dual how-to for both softraid and svnd, but due to the size of the posts with screenshots, I have decided against that. Since softraid is the path forward in the OpenBSD world I will start here. This post is not dial-up friendly, so be patient while it loads from my poor server. This post is part of my larger OpenBSD crypto series for which the other posts are below:</p>https://geekyschmidt.com/2011/01/09/openbsd-disk-encryption-options-softraid-and-svnd/Sun, 09 Jan 2011 15:38:53 +0000https://geekyschmidt.com/2011/01/09/openbsd-disk-encryption-options-softraid-and-svnd/<p>It is unfortunate, but the OpenBSD disk encryption tool-sets are no where near as mature as those found in FreeBSD or Linux. You would think with such a security focused operating system that disk encryption would be a no brainer. You would be wrong. On OpenBSD -misc mailing list you often get this impression with them:<figure id="attachment_1504" style="width: 300px" class="wp-caption alignleft"></p> <p><a href="http://xkcd.com/538/"><img class="size-medium wp-image-1504" style="border: 3px solid black; margin: 3px;" title="XKCD - Security" src="http://i0.wp.com/geekyschmidt.com/wp-content/uploads/2011/01/security.png?resize=300%2C183" alt="XKCD - Security" srcset="http://i0.wp.com/geekyschmidt.com/wp-content/uploads/2011/01/security.png?resize=300%2C183 300w, http://i0.wp.com/geekyschmidt.com/wp-content/uploads/2011/01/security.png?w=448 448w" sizes="(max-width: 300px) 100vw, 300px" data-recalc-dims="1" /></a><figcaption class="wp-caption-text">XKCD - Security</figcaption></figure></p>https://geekyschmidt.com/2011/01/07/herodotus-ta/Fri, 07 Jan 2011 11:03:30 +0000https://geekyschmidt.com/2011/01/07/herodotus-ta/<figure id="attachment_1493" style="width: 201px" class="wp-caption alignleft"><a href="http://i2.wp.com/geekyschmidt.com/wp-content/uploads/2011/01/3679495958_83af992768.jpg" rel="lightbox[1487]"><img class="size-medium wp-image-1493 " style="margin: 3px; border: 3px solid black;" title="cipercivilwar" src="http://i2.wp.com/geekyschmidt.com/wp-content/uploads/2011/01/3679495958_83af992768.jpg?resize=201%2C300" alt="National Archives" srcset="http://i2.wp.com/geekyschmidt.com/wp-content/uploads/2011/01/3679495958_83af992768.jpg?resize=201%2C300 201w, http://i2.wp.com/geekyschmidt.com/wp-content/uploads/2011/01/3679495958_83af992768.jpg?w=336 336w" sizes="(max-width: 201px) 100vw, 201px" data-recalc-dims="1" /></a><figcaption class="wp-caption-text">Letter Written in Cipher on Mourning Paper by Rose Greenhow</figcaption></figure> <p>If you have been following my posts as of late, you will have seen that I am on a anonymous bend. Some of my friends have wondered why I was seeking to disappear digitally and if that is the takeaway from my work it should not be. By the very act of posting this information I am by nature not anonymous. I think its important as our society becomes more open that we are able to close and keep private what we want. The option should always be yours. In that vein this post will cover email storage and usage.</p>https://geekyschmidt.com/2010/08/28/netcraft-confirms-pgp-email-encryption-is-dead/Sat, 28 Aug 2010 09:08:32 +0000https://geekyschmidt.com/2010/08/28/netcraft-confirms-pgp-email-encryption-is-dead/<p>Rakkhi posted a great Lessons Learned on implementing email encryption:</p> <p><a href="http://rakkhi.blogspot.com/2010/08/implementing-email-encryption-lessons.html">http://rakkhi.blogspot.com/2010/08/implementing-email-encryption-lessons.html</a></p> <p>The post got me thinking because I struggle dealing with subcontractors getting encryption. I refuse to send sensitive or even somewhat sensitive data over unencrypted links, but find that small (and even midsize companies) do not have the resources to implement. In a bind I have trained them on installing GnuPG and doing trusted exchanges, but the same pitfalls occur.</p>https://geekyschmidt.com/2009/08/28/pgp-for-mac-whole-disk-encryption-review/Fri, 28 Aug 2009 14:51:48 +0000https://geekyschmidt.com/2009/08/28/pgp-for-mac-whole-disk-encryption-review/<p>Wanted to share a quick “how does it work” about PGP WDE for Mac.</p> <p><a href="http://www.pgp.com/mac/">http://www.pgp.com/mac/</a></p> <p>This is the only solution that does pre-boot and true WDE for the Mac. The software is 189 for a yearly license or 239 for perpetual. The software itself is very “apple-ish” with great wizards and walk through for those not familiar with key based authentication and encryption. Some of the features are:</p> <ul> <li> <p>WDE for Intel based Mac running 10.4/10.5, no SL due to the 64bit kernel from the debug trace on my Mac Pro :)</p>