Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 14 May 2013 21:41:52 +0200
From: Zenny <>
Subject: Re: Owl encrypted / and tcplay

Thanks to Alexancer and Alexey both for very useful info.

@Alexey: I need to encrypt /. I am quite impressed by full disk
encryption, recognized by bootloader of OpenBSD 5.3. Impressive work.
If Owl can implement somehting similar it would be wonderful. (ref:

Actually full disk encryption is a basic requirement for me. I also
thought of installing Owl as a qemu instance of OpenBSD, but gave up
the idea of running vitualization on top of another virtualization i.e
openvz on top of qemu!

On 5/14/13, <> wrote:
> On 04-May-2013 15:45:51 +0200, Zenny wrote:
>  > Is there a way to encrypt Owl / with aes-xts-plain64 which can be
>  > remotely authenticated remotely for decryption (like using dropbear
>  > in initrd or mandos server-client mechanism in debian using hooks)?
> No. And normally you don't need that.
> When dealing with sensitive data, personally I prefer leaving bare
> system at unencrypted / and /var, while keeping all the sensitive
> data inside VZ containers stored at encrypted /home; when I reboot
> the server, I wait for it to start and then issue the command like:
> gpg < vzhost.key | ssh root@...ost.somewhere \
>  "xxd -p -r | losetup -p 0 -e twofish -k 256 -H sha512 /dev/loop0 /dev/md2"
> (hint: `head -c128 /dev/random | xxd -p -c32 | gpg -ea > vzhost.key`
> will provide you with secure encryption key).
> After that, I go to vzhost.somewhere and issue two obvious commands:
> mount /dev/loop0
> service vz start
> Please see the page for
> instructions of how to set up secure data storage.
>  > Also interested in tcplay, but would be nice to know to securely
>  > integrated with Owl 3.0.
> It uses devmapper, and thus is inacceptable due to its' ability to bury
> all the data at once.
> --
> Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
> GPG key ID: 0xEF3B1FA8, keyserver: hkp://
> GPG key fingerprint: 8832 FE9F A791 F796 8AC9 6E4E 909D AC45 EF3B 1FA8

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.