LUKS can be easily detected.
The specifications for the on-disk format are published online.
http://code.google.com/p/cryptsetup/wiki/Specification.
What I would recommend and personally employ... First, fill the disk with a random background:
# cryptsetup --cipher=aes-xts-essiv:sha256 -s 256 --key-file=/dev/random create mapper1 /dev/sdz
# cryptsetup --cipher=twofish-xts-essiv:sha256 -s 256 --key-file=/dev/random create mapper2 /dev/mapper/mapper1
# dd if=/dev/zero of=/dev/mapper/mapper2 bs=512
Don't bother creating a partition table or anything else. Leave the entire disk full of this background data.
Then create an encrypted volume using a hash for key material and offset and skip sector counts from the hash string:
# echo "secret_password@drive_serial_number" | sha512sum
4839 eeac 06 a 2045 d 60 6dbf519ba5e9[...]e312009896441a5
# cryptsetup --cipher=twofish-xts-essiv:sha256 -s 256 -o 483906 -p 204560 create encrypted /dev/sdz
Password:
# pvcreate /dev/mapper/encrypted
# vgcreate
# lvcreate
If questioned I would respond with nothing, no words, and just chill there.
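Why a LUKS volume is easy to identify, as an added example (not code from the comment or from the cryptsetup project): a LUKS1 header begins with a fixed magic followed by plain-text cipher fields, while a plain dm-crypt mapping like the one in the comment above writes no header at all. Both sample sectors are constructed inside the code, and the field layout is taken from the published LUKS1 on-disk format.

```python
import hashlib
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 partition header, big-endian: magic, version, cipher-name, cipher-mode,
# hash-spec, payload-offset, key-bytes, mk-digest, mk-digest-salt,
# mk-digest-iter, uuid. These 208 bytes precede the eight key slots.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")


def cstr(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_luks1(sector0):
    """Return the header fields if sector0 starts a LUKS1 volume, else None."""
    if len(sector0) < PHDR.size or not sector0.startswith(LUKS_MAGIC):
        return None
    (_, version, cipher, mode, hash_spec, payload_offset,
     key_bytes, _, _, iterations, uuid) = PHDR.unpack_from(sector0)
    if version != 1:
        return None
    return {
        "cipher": cstr(cipher), "mode": cstr(mode), "hash": cstr(hash_spec),
        "payload_offset_sectors": payload_offset, "key_bits": key_bytes * 8,
        "mk_digest_iterations": iterations, "uuid": cstr(uuid),
    }


def pseudo_random(label, n):
    """Deterministic filler bytes standing in for ciphertext, digests, salts."""
    return hashlib.shake_256(label).digest(n)


def build_sample_header():
    """Constructed LUKS1 first sector (sample values, not read from a disk)."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"twofish", b"xts-plain64", b"sha256",
                    4096, 32, pseudo_random(b"digest", 20),
                    pseudo_random(b"salt", 32), 100000,
                    b"00000000-0000-4000-8000-000000000000")
    return hdr.ljust(512, b"\0")


def build_plain_sector():
    """Constructed first sector of a headerless plain dm-crypt disk."""
    return pseudo_random(b"constructed ciphertext", 512)


if __name__ == "__main__":
    print("LUKS1 disk :", parse_luks1(build_sample_header()))
    print("plain disk :", parse_luks1(build_plain_sector()))
```
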
For all of you /.'ers out there, there's an interesting new technology out there to detect these types of flaws. I'm a nuclear student at UF and some in our department are working on lateral migration radiography. It's a rather cool process, shoot x-rays into the foam and get an image of what's inside and find out where delamination or debonding has occurred. http://www.nre.ufl.edu/facilities/backscat.php
For any of you /.'ers that would actually like to learn the truth about ICARUS, go directly to the source.
Division of Housing Network Services:
http://www.dhnet.ufl.edu/dhnet.php
DHnet Discussion forums:
http://www.dhnet.ufl.edu/forums/index.php
--
mliesenf
DHnet resident
DHnet forum moderator
I'm a user of DHnet and I use Gentoo Linux with a vanilla 2.4.22-ac4 kernel. They under no circumstances exploit a user's computer to examine the file system or processes. If you have a server or a worm that inappropriately uses the network then they will isolate and restrict you.
"Yeah, it's all true. As part of the ICARUS package we are going to provide our VB application development suite for Unix. Open source!
= 17 5
Or not." -wills, DHnet Administrator
http://www.dhnet.ufl.edu/forums/viewtopic.php?t
(ps. they all use bsd)
The University of Florida has an I2 OC-12 at 622Mbit, an OC-3 at 155Mbit and a T3 at 55Mbit. http://net-services.ufl.edu
I am also a sophomore at the University of Florida. I am a knowledgeable user of the DHnet and an active member of their forums. If you have any questions that you would like to be answered by a reliable source just visit the DHnet forums at www.dhnet.ufl.edu/forums and ask one of the administrators. They are the same people who administer the network. 'Nuff said.
I live on the DHnet.
www.dhnet.ufl.edu
They can enforce all of their rules.
Most of their systems are passive.
Their Active systems are used to just find servers.
They find all of the P2P from server-less clients.
--
it's true.
FreeBSD.
Their connection does not get hosed. I'm a user of DHnet. They get put into a restricted vlan that has access to only ufl.edu sites. http://www.dhnet.ufl.edu/ Read up, become informed.
Are you just asking to get Own3d? You do not know who he is and what he can do. I'd watch my tongue.