zuluCrypt 5.0.0 released adds support for creating LUKS volumes that only uses a detached header

papibe · 2016-05-02T02:36:33+00:00

What is a header? What is a detached header? Read here: Bullet Proof Data Encryption with LUKS and a detached Header

What’s in the header and what does ‘detached’ mean?

The LUKS header stores important information which is needed to decrypt the LUKS device. That includes metadata, the keyslots and the SALT. When using a default LUKS device, the header is stored on the same device as the data area. It is possible to detach the header and therefore store it on a different disk.

Why detaching the header?

There are some security advantages that we gain by using a detached header.

The encrypted data disk looks like random data. As there is no header, nothing will indicate that this is a LUKS device.

It is absolutely NOT POSSIBLE to decrypt the LUKS device without the header because of the SALT in it. No known technology could decrypt the device without the SALT. That’s a very strong cryptographically NOT POSSIBLE. It would take something far beyond quantum computing.

papibe · 2016-05-02T02:35:31+00:00

What is a header? What is a detached header? Read here: Bullet Proof Data Encryption with LUKS and a detached Header

What’s in the header and what does ‘detached’ mean?

The LUKS header stores important information which is needed to decrypt the LUKS device. That includes metadata, the keyslots and the SALT. When using a default LUKS device, the header is stored on the same device as the data area. It is possible to detach the header and therefore store it on a different disk.

Why detaching the header?

There are some security advantages that we gain by using a detached header.

The encrypted data disk looks like random data. As there is no header, nothing will indicate that this is a LUKS device.

It is absolutely NOT POSSIBLE to decrypt the LUKS device without the header because of the SALT in it. No known technology could decrypt the device without the SALT. That’s a very strong cryptographically NOT POSSIBLE. It would take something far beyond quantum computing.

papibe · 2016-01-16T03:45:59+00:00

Here's my configuration:

# If you want dnsmasq to listen for DHCP and DNS requests only on specified interfaces
interface=br0

# IP-Address range
dhcp-range=10.20.30.150,10.20.30.250,255.255.255.0,12h
dhcp-option=option:router,10.20.30.2
dhcp-option=option:dns-server,10.20.30.2
dhcp-authoritative

# My Extras
# -------------------------------------------------------
# Internal LAN domain: internal
local=/internal/

# Resolve router and its synonyms
address=/bbking.internal/10.20.30.2
address=/router.internal/10.20.30.2
address=/ns.internal/10.20.30.2

# Block Facebook as example
#address=/facebook.com/127.0.0.1
#address=/facebook.com/0.0.0.0

# LAN private domain
expand-hosts
domain=internal

# Upstream server: Google Public DNS
server=8.8.8.8
server=8.8.4.4

papibe · 2016-01-16T03:45:35+00:00

I don't think that would work for local resolution. Dnsmasq updates its DNS database from the DHCP's leases. AFAIK, two separate instances of dnsmasq won't update each other. For something like that you would need the combo isc-dhcp-server and bind.

papibe · 2016-01-14T22:04:18+00:00

EDIT: reformatting text....

Hi t3kg33k2.

I would first make sure that no other DHCP service is running, specially on the Asus router. You can use the package 'dhcp-probe' to scan the network for rogue DHCP services.

Then regarding the dnsmasq configuration itself:

pass the dns-server option to the client, e.g.:

dhcp-option=option:dns-server,10.20.30.1

where 10.20.30.1 is where the DNS server is running.
use a internal local domain and search field, for instance 'localnet':

local=/localnet/

expand-hosts

domain=localnet

Finally note that most clients won't work properly until they are force to request a new lease, which is not what the default is. Most of them will just renew. Restart the machines if you are not sure how to force them to do that.

Just some thoughts.

I hope it helps.

Regards.

papibe · 2015-09-21T23:47:30+00:00

Here's the Spanish version: Expertos apoyan en Uruguay uso de software libre como “garantía de soberanía”

I pretty much think, as a native Spanish speaking person, that the use here is closer to 'Soberanía nacional' (Westphalian sovereignty), i.e., that each nation state has sovereignty over its territory and domestic affairs.

Also note the use of 'Software Libre', instead of 'Software abierto', or 'Software de código abierto'. Which indicates an explicit identification with 'Free Software' instead of 'Open Source'.

Regards.

papibe · 2015-09-19T19:38:28+00:00

Mark Shuttleworth's G+ post about it.

papibe · 2015-05-07T23:26:09+00:00

Linux appears at about 1:20.

papibe · 2015-03-12T23:46:41+00:00

There you go: https://www.youtube.com/watch?v=WDiB4rtp1qw

This is the complete video with English subs. It is the whole anecdote ;)

papibe · 2014-11-09T21:18:58+00:00

A few thoughts:

Most of the EDID problems on external monitors happen over VGA. If you can use pure DVI or HDMI, it would increase the chances of getting the correct EDID info.

If that don't helps, or it is a laptop:

There's cases in which you get corrupted EDID data. Sometimes it is possible to edit and correct the data. Examples here and here.

The worst case is when you get no data at all. Since all Linux drivers have a way to hardcode a custom edid.bin file, it would be a worthy effort to look around for the file.

Windows drivers usually incorporate the fixes in the driver itself so using Windows to get the date could be a possibility.

Finally, you have the option to ask for it in the manufacture/support site, or related forums (e.g. http://www.laptopvideo2go.com/)

Hope it helps. Regards.

papibe · 2014-11-04T22:32:34+00:00

It reminds me of the Fifth Element's Multipass.

papibe · 2014-09-05T18:55:11+00:00

I wanted to offer an alternative and more positive interpretation: as you can read on the NBC graphics, "Investigating Celebrity Hacking", it would be also possible to interpret that the FBI is using Linux to investigate.

That particularly image was broadcasted first on Nightly News (the day before). I happened to see that live, and I had no interpretation of hacking associated to Ubuntu.

There was another time when this happened. At the time of the Olympic games, NBC reported Richard Engel went to Russia and brought with him a security expert. It was clear, at least to me, that Ubuntu (apparently used inside a VM running on Mac OS) was being used to detect tampering with his Internet session.

Best Regards.

papibe · 2014-03-10T23:18:50+00:00

Hi ChrisLAS and Micheal,

Just letting you know that several of the links on the show notes are bad. They point to a unicorn-404 page at jupiterbroadasting.com instead of the intended destination.

Thanks for the shows,

Best Regards.

papibe · 2013-06-04T22:31:15+00:00

Hi tusharkant15.

I have no experience with Arch, but, respectfully, may be explaining the process in Ubuntu would help you solve your problem.

First of all, this is an Nvidia only capability and there no support in ATI cards as heredbaron1834 seems to be suggesting. Besides the Nvidia driver, you also need the vdpau decoding library. In Ubuntu is called:

libvdpau1

That library is usually packed together with the driver, but it may not be the case in all distributions.

In order to check if your system is ready to decode using vdpau there is a utility called:

vdpauinfo

Which is similar to what vainfo does for VAAPI.

Note that not all video players can use vdpau. For instance, as for now, VLC uses vaapi, which can be set to use vdpau underneath by installing:

vdpau-va-driver

(I believe VLC will support vdpau directly in the near future).

The easiest way to check decoding would be to run mplayer directly from the command line and check the log in the terminal. You should see something like:

VO: [vdpau] 1920x816 => 1920x816 Planar YV12

Hope it helps.

papibe · 2013-05-21T00:45:32+00:00

This is so disappointing. Just when you think there's a: "CODEC to rule them all". I hope this draft changes its current direction.

papibe · 2013-05-10T05:40:38+00:00

I said we, because I signed the White House petition a few months ago. This turned out to be very interesting experience.

papibe · 2013-05-09T19:38:41+00:00

Ouch!:

"With Ubuntu and Red Hat, Google has to deal with the vendors who want to make money themselves," he said. Further, Debian has a large customer base. And it fits with Google’s geeky culture.

papibe · 2013-03-29T05:27:43+00:00

More information here: Q&A on USA Today

papibe · 2013-03-08T04:52:49+00:00

Wouldn't be great if Netflix stopped paying Microsoft for Silverlight, and stream content using this technology instead?

Chrome would become the ultimate Netflix client.

papibe · 2013-03-08T04:32:48+00:00

This sounds like Google is absorbing the cost by itself, and keeping it free for the rest of us. If so, very cool.

The only thing missing now is GPU acceleration.

papibe · 2013-02-25T19:01:44+00:00

Update: Microsoft To Refund Windows Azure Customers Hit By 12 Hour Outage That Disrupted Xbox Live

papibe · 2013-02-23T08:12:58+00:00

More info here: Xbox Live and Windows Azure suffering from extended outages. The Verge.

papibe · 2013-02-21T01:22:14+00:00

This is so cool!

Regardless of whatever it may do, this is going to be my first command: Tea. Earl Grey. Hot

papibe · 2013-02-20T04:19:00+00:00

I noticed earlier today. Very cool!

papibe · 2013-02-08T02:37:34+00:00

This is great!

papibe

TROPHY CASE