Displaying 14 results from an estimated 14 matches for "reencrypts".
Did you mean:
reencrypt
2008 May 18
2
Vulnerability with compromised geli credentials?
I'm not really a developer, but was considering if there is a key
vulnerability in geli given that when you change a key there isn't a disk
update.
Consider the scenario where a new file system is created and populated
with some files. At a later time the original key is changed because
someone has gained access to the key and passphrase. A new key is
generated and attached, but none of
2016 Dec 02
0
[PATCH] New API: cryptsetup_reencrypt: change the master volume key on LUKS partitions.
...tyle = RErr, [Device "device"; Key "key"; Int "keyslot"], [OString "cipher"];
+ proc_nr = Some 471;
+ optional = Some "luksreencrypt";
+ shortdesc = "change the master volume key on a LUKS partition";
+ longdesc = "\
+This reencrypts a LUKS device with a new random master volume key,
+using the L<cryptsetup-reencrypt(8)> tool. A new passphrase C<key>
+is added in key slot C<keyslot>, and all other keyslots are erased.
+
+With no optional parameters, the same type of cipher is used. To
+change to a different...
2011 Oct 14
2
before_save :encrypt_password
I am having a problem finding the best way to make a "before_save
:encrypt_password" conditional.
I have to at times update user model attributes but each time I do this
the password is reencrypted because of the above. I need to
differentiate between when the user is first logging in and the password
does need to be encrypted, and when they are already logged in and the
2017 Dec 12
6
LUKS question
I have existing systems with un-encrypted disks.
I have tried unsuccessfully to encrypt them using LUKS.
Has anyone out there been able to encrypt an existing system (after the
fact, so to speak)?
TIA
--
Roger Wells, P.E.
leidos
221 Third St
Newport, RI 02840
401-847-4210 (voice)
401-849-1585 (fax)
roger.k.wells at leidos.com
2002 Nov 06
0
[Announce]GPGRemail v0.1 initial announcement
...rivacy Guard.
It achieves it's integration with GPG by implementing a technique we
call 'Transparent GPG Reencryption'.
The basic idea is this:
* gpg encrypt mail with mailinglist public key.
* send to mailinglist.
* gpgremail decrypts the mail with its private key.
* gpgremail reencrypts the mail with each recipients private key,
and delivers the mail.
* decrypt mail with your own private key.
This is the first public release, so feedback of all kinds
(especially security related after-thoughts) are more than welcome!
-------------- next part --------------
A non-text attach...
2017 Dec 12
0
LUKS question
On 12/12/2017 08:41 AM, Wells, Roger K. wrote:
> I have existing systems with un-encrypted disks.
> I have tried unsuccessfully to encrypt them using LUKS.
> Has anyone out there been able to encrypt an existing system (after the fact, so to speak)?
You can do that with cryptsetup-reencrypt, but it needs to be able to make space for the ~2MB LUKS header ahead of the filesystem in the
2017 Dec 06
0
CEBA-2017:3330 CentOS 7 cryptsetup BugFix Update
CentOS Errata and Bugfix Advisory 2017:3330
Upstream details at : https://access.redhat.com/errata/RHBA-2017:3330
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
05b360cd746586e2cb31c3b5aecfccfa6d46e762a63e17d90fe58c0673ef7958 cryptsetup-1.7.4-3.el7_4.1.x86_64.rpm
2011 Aug 29
1
Auth forwarding socket for single auth
Hi all,
authentication forwarding depends much on the environment it is used
in, but generally on shared hosts it is considered insecure, as this
documentation and common sense tell us:
http://unixwiz.net/techtips/ssh-agent-forwarding.html
Anyway, I have an auth forwarding security enhancement proposal. I
hope I am not duplicating someone else's words/thoughts, please notify
me if this is
2010 Mar 08
0
Announce: OpenSSH 5.4 released
OpenSSH 5.4 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed code
or patches,
2010 Mar 08
1
Announce: OpenSSH 5.4 released
OpenSSH 5.4 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed code
or patches,
2012 Aug 17
4
How to modify client authentication in passenger based puppet master behind ssl proxy
I''ve configured our DMZ apache webserver to proxy connections from our
roaming users into our internal puppet master running under
passenger/apache. Everything is pretty much working but because I am using
SSL between the proxy server and the puppet master, the master treats the
connection as authenticated as the proxy. My current work around is to
allow access to all catalog and
2012 Feb 18
6
Cannot mount encrypted filesystems.
Looking for help regaining access to
encrypted ZFS file systems that
stopped accepting the encryption key.
I have a file server with a setup
as follows:
Solaris 11 Express 1010.11/snv_151a
8 x 2-TB disks, each one divided
into three equal size partitions,
three raidz3 pools built from a
"slice" across matching partitions:
Disk 1 Disk 8 zpools
+--+ +--+
|p1| .. |p1| <-
2010 Dec 15
22
Separating puppetmaster file serving and catalogs
I''m looking for a way to run more than one puppetmaster on the same server under passenger. Most of the puppet CPU load is waiting for the catalogs to compile. This also seems to be mostly what takes large amounts of RAM. I have storedconfigs on.
I want to be able to move the fileserver to a different pool of puppetmaster processes. Is there an easy way to tell the client, either in
2010 Feb 27
24
Call for testing: OpenSSH-5.4
Hi,
OpenSSH 5.4 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a big release,
with a number of major new features and many bug fixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH