search for: reencryption

I'm not really a developer, but was considering if there is a key vulnerability in geli given that when you change a key there isn't a disk update. Consider the scenario where a new file system is created and populated with some files. At a later time the original key is changed because someone has gained access to the key and passphrase. A new key is generated and attached, but none of

Note that cryptsetup-reencrypt is a separate package on Fedora, but is already part of the appliance on Debian/Ubuntu. --- appliance/packagelist.in | 1 + daemon/luks.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ generator/actions.ml | 18 ++++++++++++++++++ gobject/Makefile.inc | 2 ++ src/MAX_PROC_NR | 2 +- 5 files changed, 68 insertions(+), 1

I am having a problem finding the best way to make a "before_save :encrypt_password" conditional. I have to at times update user model attributes but each time I do this the password is reencrypted because of the above. I need to differentiate between when the user is first logging in and the password does need to be encrypted, and when they are already logged in and the

I have existing systems with un-encrypted disks. I have tried unsuccessfully to encrypt them using LUKS. Has anyone out there been able to encrypt an existing system (after the fact, so to speak)? TIA -- Roger Wells, P.E. leidos 221 Third St Newport, RI 02840 401-847-4210 (voice) 401-849-1585 (fax) roger.k.wells at leidos.com

...gt; Available from: http://soniq.net/gpgremail/ GPGRemail is a minimalistic mailinglist software, meant for small, private, mailinglists that require strong cryptography via the GNU Privacy Guard. It achieves it's integration with GPG by implementing a technique we call 'Transparent GPG Reencryption'. The basic idea is this: * gpg encrypt mail with mailinglist public key. * send to mailinglist. * gpgremail decrypts the mail with its private key. * gpgremail reencrypts the mail with each recipients private key, and delivers the mail. * decrypt mail with your own private key. This...

On 12/12/2017 08:41 AM, Wells, Roger K. wrote: > I have existing systems with un-encrypted disks. > I have tried unsuccessfully to encrypt them using LUKS. > Has anyone out there been able to encrypt an existing system (after the fact, so to speak)? You can do that with cryptsetup-reencrypt, but it needs to be able to make space for the ~2MB LUKS header ahead of the filesystem in the

CentOS Errata and Bugfix Advisory 2017:3330 Upstream details at : https://access.redhat.com/errata/RHBA-2017:3330 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 05b360cd746586e2cb31c3b5aecfccfa6d46e762a63e17d90fe58c0673ef7958 cryptsetup-1.7.4-3.el7_4.1.x86_64.rpm

Hi all, authentication forwarding depends much on the environment it is used in, but generally on shared hosts it is considered insecure, as this documentation and common sense tell us: http://unixwiz.net/techtips/ssh-agent-forwarding.html Anyway, I have an auth forwarding security enhancement proposal. I hope I am not duplicating someone else's words/thoughts, please notify me if this is

OpenSSH 5.4 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

OpenSSH 5.4 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

I''ve configured our DMZ apache webserver to proxy connections from our roaming users into our internal puppet master running under passenger/apache. Everything is pretty much working but because I am using SSL between the proxy server and the puppet master, the master treats the connection as authenticated as the proxy. My current work around is to allow access to all catalog and

Looking for help regaining access to encrypted ZFS file systems that stopped accepting the encryption key. I have a file server with a setup as follows: Solaris 11 Express 1010.11/snv_151a 8 x 2-TB disks, each one divided into three equal size partitions, three raidz3 pools built from a "slice" across matching partitions: Disk 1 Disk 8 zpools +--+ +--+ |p1| .. |p1| <-

I''m looking for a way to run more than one puppetmaster on the same server under passenger. Most of the puppet CPU load is waiting for the catalogs to compile. This also seems to be mostly what takes large amounts of RAM. I have storedconfigs on. I want to be able to move the fileserver to a different pool of puppetmaster processes. Is there an easy way to tell the client, either in

Hi, OpenSSH 5.4 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a big release, with a number of major new features and many bug fixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH