[Freedombox-discuss] Encrypted root file systems with Mandos

[Björn Påhlsson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

As a developer of the Mandos projekt, I have wanted to see if Mandos
could be used to improve a freedom box. Of course I am slightly
biased, but I think Mandos could be really useful for those who own a
freedom box now but are not encrypting the data on it. So with this
mail I was hoping to both suggest the usage of Mandos for freedom box
users, and also ask if someone could please test it, given that I
don't own a box myself. To make Mandos work, the program has some code
in the initrd image, and given the nature of embedded platforms this
might be an issue. For instance, i notice that debwrt (a Debian
version of OpenWRT) does not seem to have an initrd, so I do not know
if that is the case for freedom box.

A quick and small description of Mandos: The intent is to raise the
bar of data security by letting users have a completely encrypted file
system with the only cost being the initial installation &
configuration. Similar to when using a RFID tag to login, with Mandos
the user does not need to type in password each time the machine needs
to boot up. The basic idea is that so long two machines are up and
running, they can be sending the keys to each other for when they need
to reboot, but if they are stolen, or taken to be analyzed in a lab,
then they are locked and behave like any other encrypted data the
analyzer do not have the key for. The technical details are at the
website http://www.recompile.se/mandos or you can just get it from
Debian "testing" repository.

/Björn Påhlsson, Mandos co-author
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEAREDAAYFAk8/hjMACgkQC+Cq+bUsy1JFegCdF48veYvy0jeVMHptP7Fyqrq8
MVUAoL+CKH14+/b8aHLQhxxLh9F+9I7G
=A9FC
-----END PGP SIGNATURE-----