TasLUG 20 Feb 2014
cryptsetup
Everyone is out to get you.
dd if=/dev/urandom of=./root.key.tmp bs=512 count=4 password=`echo -n "YOUR_PASSWORD_GOES_HERE" | openssl dgst -whirlpool -hex | cut -d ' ' -f 2` openssl aes256 -in root.key.tmp -out root.key openssl bf-cbc -in root.key.tmp -pass pass:"${password}" -salt -out "./root.key" modprobe dm_mod cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -v luksFormat /dev/sda2 ./root.key.tmp shred root.key.tmp
openssl bf-cbc -pass pass:"${password}" -d -in "${encfile}" -out "${decfile}" >/dev/null 2>&1 if [ "$?" != "0" ]; then echo "Keyfile could not be decrypted" && break fi
openssl bf-cbc -pass pass:"${password}" -d -in "${encfile}" -out "${decfile}" >/dev/null 2>&1 if [ "$?" != "0" ]; then if [ "${password}" == "MY_DISTRESS_PASSWORD" ]; then cryptsetup luksKillSlot ${root_device} dd if=/dev/zero of=${usb_device} bs=1024 count=${size_of_device} dd if=/dev/zero of=${usb_device} bs=1024 count=${size_of_device} dd if=/dev/zero of=${usb_device} bs=1024 count=${size_of_device} dd if=/dev/zero of=${usb_device} bs=1024 count=${size_of_device} fi fi
Slideshow made with deck.js
Slides are CC-BY-SA 3.0 AU
เดค Michael Cordover · mjec.net/talks/dm-crypt · CC-BY-SA 3.0 AU
/
#