Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encrypted Fileserver with Bittorrent Web Interface

Posted by timothy on from the freenetesque dept.

mistermark writes "I built a fully encrypted (samba) fileserver with a web interface for managing torrent downloads on it. All I used is OpenBSD 3.6 and its package collection, except for the TorrentFlux-interface (which you need to install separately). Anyway, it can be built using binary packages only. I included a rough HOWTO on how to make one of these yourself."

51 of 266 comments (clear)

  1. Nice by slashalive · · Score: 5, Funny

    Now you can seed your secret corporate documents!

  2. why? by Anonymous Coward · · Score: 5, Insightful

    Pertend I'm stupid, why would I want this?

    1. Re:why? by big_groo · · Score: 5, Funny
      Pertend I'm stupid...

      No need.

    2. Re:why? by jurt1235 · · Score: 3, Informative

      Simple: You have random users which make backups to your machine but don't want anybody else to be able to read these backups.

      --

      My wife's sketchblog Blob[p]: Gastrono-me
    3. Re:why? by caluml · · Score: 5, Insightful

      Yeah, I can't work this out either. The problem with torrents is not storing them safely, or downloading them safely. It's that when you start downloading a file using torrents, your IP address is known by the tracker which gives away the fact you're a downloader.
      Sure, store them on an AES-256 encrypted filesystem, sure, use SSL for the transfer. But it doesn't help the fact that the downloaders/uploaders are known.

      --
      Get your own free personal location tracker
    4. Re:why? by theraccoon · · Score: 2, Insightful

      I don't know. TFA says:

      "You at least need to proof the person actually possesses the data and in my case... good luck proofing that."

      Actually... Bittorrent shows who's connected to you, who's uploading to you, and who's downloading from you. Those logs, at least in the good 'ole US of A, are proof enough for God the RIAA to file a lawsuit against you (or as the case may be, your IP address). The RIAA has never had to confiscate a file sharer's HD or computer, but I bet if they did, they could find someone or some way to de-crypt the files on that server. A fun experiment, but as far as I can see, it's not very practical in terms of stopping a lawsuit.

    5. Re:why? by Elshar · · Score: 2, Insightful


      I'm pretty sure that no HTTP proxy service would be terribly thrilled should you start hammering their connection with your warez'd bittorrent transfers.

      Not to mention you don't know if they are logging who uses their proxy servers. It wouldn't be hard to track + log connections. And, should they get a subpeona, they WILL relinquish that information.

  3. slashdotted by crazyray · · Score: 4, Funny

    from the "about" page: Professional co-location was/is out of the question simply because of the costs and I did/do have bigger plans than to be able to host this kind of thing at home. To be honest, if this thing grows any bigger I'll be moving the whole shebang to a datacenter after all... Prices have dropped quite a bit since about two years ago and now. But, until then, all this comes from my server at a friends house where he has an amazing 10mbit up&down.

    Well, I guess he USED to be your friend, until you slashdotted his internet connection....

  4. Also encrypted my machine by jurt1235 · · Score: 5, Funny

    It now looks like a toaster.

    --

    My wife's sketchblog Blob[p]: Gastrono-me
  5. Re:Piracy how-tos? by LebenOjanen · · Score: 2, Interesting

    The truth and something we hear over and over and over and over and over again are two different things. :)

  6. Note to law enforcement. Dont reboot. by Bazman · · Score: 4, Interesting

    I'm guessing the encryption password needs to be re-entered on reboot (before mounting the FS, it seems). So if the feds bust in and kick you off your warez box, as long as they dont switch it off, they've got your 0-day filez in the plain. Just dd it all across the network.

    And oh yeah, with SMB as your network file system, is the traffic securely encrypted? Weakest link, and all that...

    Baz

    PS yes, I know you're only doing legal stuff :)

    1. Re:Note to law enforcement. Dont reboot. by xbytor · · Score: 2, Interesting

      So if the feds bust in and kick you off your warez box, as long as they dont switch it off, they've got your 0-day filez in the plain.

      I've always had the power strip for my box on the floor next to my left foot. If I need to do an emergency power-off cuz the FBI wants to talk to me or because I got some Jenna Jameson on the screen and my boss just walked in, I can hit it in a hearbeat.

      Not that I would ever put myself in a situation like that, but I'd rather be prepared "just in case".

    2. Re:Note to law enforcement. Dont reboot. by Beryllium+Sphere(tm) · · Score: 2, Interesting

      >Just dd it all across the network.

      Of course, that's dd from a CD-ROM full of statically linked programs. Investigators shouldn't trust target machines for anything. And if you ever look at a machine that may wind up in court, make sure you don't do anything that writes to the hard disk.

      The Secret Service guidelines for seizing computers say to consult a computer specialist if possible before doing anything, but if there's no specialist to be had they say to yank the power cord.

      Doing investigations right is *hard*.

  7. Re:Piracy how-tos? by Anonymous Coward · · Score: 5, Insightful

    ummm, are you a moron? Just because it says "torrent" does NOT mean piracy. There are many legitimate uses for bittorrent and many legitimate reason to want to encrypt files....put them together and what do you get? RTFA next time you fucking mpaa monkey.

  8. Re:Piracy how-tos? by Rakshasa+Taisab · · Score: 5, Insightful

    Much is illegal and depending on your ethical belifs much more may be immoral. But do not assume one is a superset/subset of the other. Most you can propably say about it is that they intersect.

    --
    - These characters were randomly selected.
  9. Big fan... by __aaclcg7560 · · Score: 3, Funny

    Can anyone identify the size of the fan being used on that server? I'm used to seeing 60mm and 80mm fans but not one that big. (Although when I had an AMD K-5 computer back in 1997, I would open up the case during the summer and use a 20" floor fan to keep it cool.) I think have the front end open like defeats the purpose of cooling down that many hard drives.

  10. I did this once... by k4_pacific · · Score: 4, Funny

    I built a fully encrypted system once. Even the source was encrypted. Sadly, I lost the key and it was all for naught...

    --
    Unknown host pong.
    1. Re:I did this once... by Anonymous Coward · · Score: 3, Funny

      I want to write a freeware opensource encryption program. I will advertise only that it will encrypt the contents of "My Documents" so that nobody can decrypt it.

      After that my program will print a message about the commercial version having support for decryption and where to send $25.00 via Pay Pal.

  11. Defeats the purpose... by Doodhwala · · Score: 4, Insightful

    So, what exactly does this accomplish? When you use Bittorrent, the protocol both downloads and uploads data at the same time (look up the tit-for-tat policy followed by BT to ensure fairness). If you were in the US, all the RIAA needs to do to sue you is download a single chunk of data from you. They don't need to break your door down and cart the computer away. So, the encryption is moot anyway.

  12. Blizzard by Alcimedes · · Score: 4, Funny

    Shit, you better call up Blizzard quick. They've been using this warez technology to distribute their game patches. Who knew all torrents were illegal!

    Douche bag.

  13. now that's useful by commodoresloat · · Score: 2, Funny

    encrypted mp3s sound so much better than regular ones.

    1. Re:now that's useful by Surt · · Score: 2, Funny

      No no no, the point is that they sound so much worse to everyone else. The RIAA browsing your filesystem for example.

      --
      "Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
  14. Mirror? by Fjornir · · Score: 2, Interesting

    Site is not responding. Anyone have a mirror? Anyone who happened to read it able to comment on how this compares to Freenet ?

    --
    I want a new world. I think this one is broken.
  15. Obstruction of justice by Anonymous Coward · · Score: 5, Informative

    If the cops bust you, and you have an encrypted hard drive and you don't hand over the password, you will be charged with obstruction of justice. The maximum sentence of obstruction of justice is the same as the crime you are trying to avoid. So it really doesn't help you avoid anything.

    http://www.ohiobar.org/pub/lycu/index.asp?articlei d=138

    1. Re:Obstruction of justice by fbjon · · Score: 2, Interesting

      But if the very long and complex password is stored in a file, which doesn't exist, is that obstruction?

      --
      True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
    2. Re:Obstruction of justice by galdur · · Score: 2, Insightful

      I wonder how the data retention^h^h^h^h^h^h^h^h^h deletion policies corporations such as Microsoft have put in place on e-mail would fare in that regard....

    3. Re:Obstruction of justice by fbjon · · Score: 2, Insightful

      Ok, so what if the key is only held in memory, or perhaps some kind of self-destructing key such that the loss of the key is invoked by the authorities, not the accused... is there a line somewhere?

      --
      True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
    4. Re:Obstruction of justice by Albinofrenchy · · Score: 5, Interesting

      Password? Encrypted? Officer, those files aren't encrypted, they are just randomly generated files I made... On a more serious note, it would be a nice safety feature if that when a certain wrong password was typed in, it would show an unencrypted version of something completely legal.

      --
      "A man is but the product of his thoughts what he thinks, he becomes." -Mahatma Gandhi
    5. Re:Obstruction of justice by mbaciarello · · Score: 2, Informative

      Let me get this straight with another example:

      Cop: "Are you guilty of [crime]?"

      Me: "No!" or

      Me: "..."

      Despite my handsomely elaborate defense, I end up in jail for [crime] with a definitive sentence.

      At that point, the zealous cop shows up and tells me he's also going to charge me with obstruction of justice, because he kindly asked me a question the first time around, and I lied or said nothing?

      You got it backwards, I guess. The suspect is never required to collaborate with his/her prosecutors. They may strike a deal if they choose to do so. Obstruction of justice is a felony witnesses and persons who haven't been charged commit.

      One instance where you could be right might be if a suspect tampers with something that already has been "identified" as evidence, or falsifies something as evidence in their defense. Your linked citation doesn't mention a single instance where a suspect is actually committing obstruction of justice. RTFC.

    6. Re:Obstruction of justice by Anonymous Coward · · Score: 2, Interesting

      That already exists. I forget what it's called, but there's a type of encryption where you actually encrypt two files into one, so if someone forces you to hand over the key, you give them a secondary one wich unencrypts the dummy files. Then all they have is, for example, a bunch of fake emails about you cheating on your spouse or something. I mean, if it was just a shopping list, that'd look suspicious, you'd want it to be something that would need to be encrypted, but not of interest to the party forcing you to surrender the info.

    7. Re:Obstruction of justice by Odin's+Raven · · Score: 2, Informative
      That already exists. I forget what it's called, but there's a type of encryption where you actually encrypt two files into one, so if someone forces you to hand over the key, you give them a secondary one wich unencrypts the dummy files.

      I'm not sure if we're thinking of the same project, but the one I knew was called "rubber hose". For a while, it was hosted at www.rubberhose.org, but that site dropped off the net several years ago, and to the best of my knowledge has not reappeared since.

      A few sites still carry copies of the rubberhose 0.8.3 source - a quick Google for the tarball returns a half-dozen or so hits, although some of the copies no longer exist.

      The goal of the project was to allow a virtually unlimited number of encrypted filesystems to live on a drive, each with its own key. If someone attempts a "rubber hose" crypto attack (beating you with a rubber hose until you cough up a key), you can provide key(s) for accessing the sacrificial filesystem(s). Since there's no way for the attacker to know how many keys you may have created, there's no way for the attacker to be certain that you've handed over every single key. Conversely, there's also no way for you to prove that you've actually cooperated and turned over every key. The doc/beatings.txt file from the source tarball has some interesting thoughts about the implications of neither attacker nor defender being able to prove/disprove the existence of additional keys.

      --
      A marriage is always made up of two people who are prepared to swear that only the other one snores.
  16. Already Been Done by Alien+Venom · · Score: 2, Informative

    I've already been doing this for quite some time now with Azureus, and the Swing Web Interface plugin alongside RSS Feed Scanner plugin (to download TV shows automatically). There's even an IRC bot plugin to allow control over an IRC network/channel.

    Why is my way better? Well, the default BitTorrent client is somewhat lacking feature wise. Azureus is more powerful and gives you more control over what to do with the torrents when they are done downloading. Not to mention the support for trackerless torrents in the latest version. As for encryption goes... uh, why? The only people who have access to my "files" are those that are on the network. And the Swing Web Interface plugin has password functionality with HTTP SSL (you need GPG to be installed).

  17. Be very, very careful when using EFS!!! by Futurepower(R) · · Score: 5, Informative


    Be very, very careful when using the Windows XP built-in file encryption, called EFS (Encryping File System).

    EFS is very poorly documented. The encryption is tied to your user password in a way that is apparently not documented. EFS depends on being part of a Windows 2003 Server domain in a way that is not clearly documented; if you are using Windows XP on a stand alone computer, there are situations in which you will lose your files forever.

    Microsoft technical support agrees with what I just said, and provides no help or fixes.

    The official Microsoft forums contain the complaints of many people who have lost their files due to problems with EFS. One man said he lost 11 years of research.

    People complain about Microsoft every day on Slashdot, but I've never seen a discussion by anyone who seemed to realize how bad Microsoft truly is.

    1. Re:Be very, very careful when using EFS!!! by Ph33r+th3+g(O)at · · Score: 3, Informative

      And don't forget that as a member of a domain, a GPO can cause an EFS key to be escrowed with the admininstrators. So if you're thinking this will hide your MP3z at work from the domain admins or SMS sweeps, no go. (Of course, if the filesystem is mounted during an SMS enumeration/collection sweep, it doesn't matter what encryption you're using.)

      --
      I too have felt the cold finger of injustice.
    2. Re:Be very, very careful when using EFS!!! by Universal+Indicator · · Score: 5, Insightful

      11 years of research without a single backup? Sounds like the person was asking for it!

    3. Re:Be very, very careful when using EFS!!! by LnxAddct · · Score: 5, Insightful

      Perhaps he was encrypting his backups because of the nature of the research.
      Regards,
      Steve

    4. Re:Be very, very careful when using EFS!!! by nolife · · Score: 2, Informative

      I use Truecrypt. It is free and open source. Provides much more flexibility and the encrypted source file(s) can be stored on any medium (network, flash, floppy, etc..) Sure it is not durectly integrated into the OS but for me, it strikes the perfect balance between security and piece of mind.

      --
      Bad boys rape our young girls but Violet gives willingly.
    5. Re:Be very, very careful when using EFS!!! by ConceptJunkie · · Score: 2, Informative

      It's probably the same as their position on the bug that causes Outlook 2003 to randomly lose data once the database file size gets up to about a gig and a half. They don't care.

      "You're just a user so screw off. We're far too important to worry about your stupid data."

      I can't see any other explanation.

      --
      You are in a maze of twisty little passages, all alike.
    6. Re:Be very, very careful when using EFS!!! by uhlume · · Score: 2, Informative

      Bullshit. EFS isn't tied to your user password in any way, undocumented or otherwise: it's tied to a certificate created the first time you encrypt any file on your filesystem. Without this certificate, you'll be unable to access your encrypted files, regardless what user account or password you happen to be using, so it's wise to back up your certificates to a CD in case of accidental deletion or corruption. THIS IS TRUE OF ANY SECURITY CERTIFICATE UNDER WINDOWS OR ANY OTHER OPERATING SYSTEM. If you can't be bothered to read the documentation for a high-powered feature before using it, don't complain if your lack of preparation backfires on you.

      --
      SIERRA TANGO FOXTROT UNIFORM
    7. Re:Be very, very careful when using EFS!!! by Dibblah · · Score: 3, Informative

      Not documented, huh?

      http://support.microsoft.com/default.aspx?scid=kb; EN-US;q290260

      Summary: Rejoin your original domain and change your password to your original password.

      People complain about Microsoft every day on Slashdot, but I've never seen a discussion by anyone who seemed to realize that if all you wannabe Windows Administrators left the "market", the world would be a better place for everyone.

  18. Differentl laws in that country make this useful! by orionware · · Score: 3, Insightful

    At first I thought, "wtf good is that?!". I figured it was for the ultra paranoid. Then I realized. He lives in a country where the law has to actually have physical proof of you breaking the law. Here in the US I don't think they feds need to kick in the door and find your mp3s being fed to the world to actually charge you. They just strongarm your ISP for your info.

    The theory in his country being if they can't find anything on your drive, then they can't prove shit.

    Must be nice...

    --


    Karma means nothing to me, so suck it...
  19. For Your Eyes Only... by xtracto · · Score: 2, Informative

    from MSDN: Taking Recovery Precautions

    Recovering Encrypted Files

    Any data recovery agent can recover an encrypted file when a user's private key fails to decrypt the file.

    To recover an encrypted file
    1. Log on to a computer that has access to the user's profile; for example, a computer that has a designated recovery console or a recovery key on removable media such as a floppy disk. You might log on at the user's computer or the user might have a roaming profile.
    2. Locate the encrypted file. For example, the user might have made a backup of the file by using Backup or sent the file to a WebDAV Web folder.
    3. Decrypt the file by using either the cipher command or My Computer. This will make the file available to the user.

    For more information about decrypting files, see "Working with Encryption and Decryption" earlier in this chapter.

    As for corrupted encripted files, well, I think it is almost impossible for an encripted file to be restored if it is corrupted, unless it has some kind of recovery record overhead...

    Of course, I would better opt out for an standard open cyphering method.

    --
    Ubuntu is an African word meaning 'I can't configure Debian'
  20. Re:Obstruction of justice --misleading wording. by Anonymous Coward · · Score: 3, Funny

    You use the phrase "don't hand over" but this is an oversimplification of a complicated legal issue.
    Let's take two examples.
    Example One
    You say: "Fuck you dirty rat coppers, I have the key and I spit at your entire justice system which I haven nothing but contempt for. I have the key and I refuse to give it to you. Go to hell."
    Well, in that case I think you might be right.
    But let's try another instance of "don't hand over" that has different implications.
    Example Two
    You say: "Key? What key? You mean the key to the house? Oh, the computer. It doesn't need a key. Oh, you mean an encrypted file key? How's that work now? I'm not sure about all that really. Maybe you should ask my lawyer.
    I think the second one is hardly going to be grounds for obstruction because by the time you and your lawyer talk it out for a few hours you'll come up with a good one.
    Ronald Reagan pulled that crap under oath in front of the Senate for Iran Contra and he was snickering he thought it was so funny that fucking asshole. And they didn't find that old bastard in contempt.

  21. Slashdotted - Mirrors Here by Kinetic · · Score: 2, Informative

    It looks like the article is down. As usual, MirrorDot has the mirror available.

    --
    ~Jay
  22. Website Fried by QBasicer · · Score: 5, Funny

    In other news, MySQL is out of memory, and if you click the little help link it provides, it takes you to the best 404 page i've seen. (Click here for direct link)

    --
    x86, oh yes, I'm pro.
  23. Many scattered, poorly written documents about EFS by Futurepower(R) · · Score: 2, Informative


    I've read the many scattered, poorly written documents about EFS. I find them very misleading. For example, the information above does not say that it applies only if the encrypting computer is part of a Windows domain.

  24. 404 Fried too by bshroyer · · Score: 2, Insightful

    Cool! First we /. the website, then we /. the 404 page. Where can we go from here?

    --
    The cure for cancer is coming: Reovirus
  25. You act sure, but you say, "I believe." by Futurepower(R) · · Score: 3, Informative


    You said, "This is another example of mod-by-agreement. Anyway, EFS is documented perfectly well."

    Correction: This is another example of someone on Slashdot acting sure when he knows nothing about the issue, and didn't even read the document at his first link in his Google Search: Microsoft Windows XP - Data Recovery and Data Recovery Agents, which says:

    "The default design for the EFS recovery policy is different in Windows XP Professional than it was in Windows 2000 Professional. Stand-alone computers [using Windows XP] do not have a default DRA, but Microsoft strongly recommends that all environments have at least one designated DRA.

    "In a Windows 2000 environment, if an administrator attempts to configure an EFS recovery policy with no recovery agent certificates, EFS is automatically disabled. In a Windows XP Professional environment, the same action enables users to encrypt files without a DRA. In a mixed environment an empty EFS recovery policy turns off EFS on Windows 2000 computers, but only eliminates the requirement for a DRA on Windows XP Professional computers."

    This information means that you can lose your files in Windows XP in a way that you could not lose them in Windows 2000. Microsoft made this change, but provided no on-screen warning.

    The Microsoft document quoted above says, "Stand-alone computers do not have a default DRA,..."

    It should say, Stand-alone computers CANNOT have a DRA that allows decryption of files from a different computer with the same user name and password.

    As I mentioned, this was verified by Microsoft Tecnhical Support representatives, as was the information in my parent post.

    You said above, "I believe the process can be started with a simple cipher /r." This is a VERY serious matter. People lose their files!!! You should not be posting comments in which you take a seemingly sure position, but that sureness is based on "belief".

    1. Re:You act sure, but you say, "I believe." by Foolhardy · · Score: 2, Interesting
      The only difference between 2000 and XP's EFS system for data recovery agents (DRAs) is that 2000 used to make administrators DRAs by default but XP requires you to do it manually using this procedure.

      Yeah, you can lose your data, if you reset the user's password. Before you reset a password, a big ugly warning box is shown stating that the user might expierence data loss. (a dialog not present in 2000). It's not like you'll magically lose your files in XP for no reason.
      This information means that you can lose your files in Windows XP in a way that you could not lose them in Windows 2000. Microsoft made this change, but provided no on-screen warning.
      This isn't a new way to lose files. It's a simple change in the default configuration. An on screen warning? What do you want, an immense file shown on screen during installation listing all the changes in the operating system since the last version? A warning displayed every time you encrypt a file? What if the user really wants to have no DRAs?

      If you are concerned about the status of DRAs, go and check the group policy yourself.
      If you don't know how to set up and query DRAs correctly (it's not hard) then you shouldn't be using EFS at all.
      It should say, Stand-alone computers CANNOT have a DRA that allows decryption of files from a different computer with the same user name and password.
      Sure you can. Make sure you connect using the "Connect using a different user name" option. You may have to do it by mapping a drive letter. If you have computers where you are maintaining a set of identical users with the same passwords, it's probably time to upgrade to a domain. That's what they are for.
  26. Re:oops url by OrangeTide · · Score: 2, Funny

    Well there is Jesux. A christian Linux distro.

    --
    “Common sense is not so common.” — Voltaire
  27. Re:EFS encrypts with two passwords. by Foolhardy · · Score: 2, Informative

    Not exactly. A public/private key set is generated the first time you encrypt a file. The public key is used to encrypt files and the private to decrypt them. The only place these keys are stored are in a special key store that is encrypted with your password, unless you explicitly export the keys with the Certificates snap-in. On a domain, this is in the Active Directory and on stand-alone computers it's in the SAM. When your account is deleted or the password is reset, the key store is lost. Even though you have the original password, the old key store is gone. At this point, you re-import your backed up keys into the new store.
    There aren't any 'hidden passwords'.