Announcement: Mandos - do unattended reboots with encrypted root file system

Discussion in 'Computer Security' started by Teddy Hogeborn, Oct 18, 2008.

  1. Hi there; I just wanted all you security-conscious folks to know about
    a new software project: Mandos.

    The goal of the Mandos system is to enable Debian GNU/Linux computers
    to have an encrypted root file system and still be able to reboot
    automatically without anyone having to be there and type in a
    password.

    The computers run a small client program in the initial RAM disk
    environment which will communicate with a server over a network. All
    network communication is encrypted using TLS. The clients are
    identified by the server using an OpenPGP key; each client has one
    unique to it. The server sends the clients an encrypted password.
    The encrypted password is decrypted by the clients using the same
    OpenPGP key, and the password is then used to unlock the root file
    system, whereupon the computers can continue booting normally.

    The server with the passwords continually checks that the client
    computers are still up, and if the client is gone for more than a
    configurable length of time, the server no longer gives out the
    password for that client.

    Please read the FAQ in the README file for more information on the
    security model:
    http://bzr.fukt.bsnet.se/loggerhead/mandos/trunk/annotate/head:/README

    Oh yes, the project's home page: http://www.fukt.bsnet.se/mandos

    Since we run Debian, that is what it will run on, and it ought to run
    fine on Ubuntu as well. Ports to other distributions could probably
    be made, but with some effort, since we use the Debian-specific
    additions to the "cryptsetup" package (also in Ubuntu) when installing
    into the initial RAM disk image. Porting Mandos to non-GNU/Linux-
    based operating systems is probably not feasible.

    I just thought you might find it interesting.

    /Teddy, part of the Mandos Maintainer Team
    Teddy Hogeborn, Oct 18, 2008
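
The server-side policy the post describes (hand the encrypted password to a known client unless it has been gone longer than a configurable time), as an added Python model that is not part of the original post and is not Mandos code. All names and values are hypothetical, TLS and OpenPGP are left out, and it assumes a timed-out client stays disabled until an administrator re-enables it.

```python
# Simplified model of the release policy described in the post; not Mandos code.
from dataclasses import dataclass

@dataclass
class Client:
    encrypted_secret: bytes  # password already encrypted to the client's OpenPGP key
    timeout: float           # seconds the client may be gone (configurable)
    last_seen: float         # time of the last successful liveness check
    enabled: bool = True

class PasswordServer:
    def __init__(self):
        self._clients = {}   # key fingerprint -> Client

    def add_client(self, fingerprint, encrypted_secret, timeout, now):
        self._clients[fingerprint] = Client(encrypted_secret, timeout, now)

    def _expired(self, c, now):
        # Assumption: once a client has been gone too long it stays disabled
        # until an administrator re-enables it (re-enabling is not modelled).
        if now - c.last_seen > c.timeout:
            c.enabled = False
        return not c.enabled

    def liveness_check(self, fingerprint, reachable, now):
        """One periodic check: refresh last_seen only for a live, enabled client."""
        c = self._clients[fingerprint]
        if not self._expired(c, now) and reachable:
            c.last_seen = now

    def request_secret(self, fingerprint, now):
        """Return the still-encrypted password, or None if it must be withheld."""
        c = self._clients.get(fingerprint)
        if c is None or self._expired(c, now):
            return None
        return c.encrypted_secret

def demo():
    fp = "FP-CONSTRUCTED-01"  # constructed fingerprint, not a real key
    srv = PasswordServer()
    srv.add_client(fp, b"constructed-ciphertext", timeout=300, now=0)
    srv.liveness_check(fp, True, now=120)
    quick_reboot = srv.request_secret(fp, now=200)   # down 80 s: released
    long_absence = srv.request_secret(fp, now=1000)  # gone 880 s: withheld
    srv.liveness_check(fp, True, now=1010)           # reappearing does not help
    after_return = srv.request_secret(fp, now=1020)
    return [r is not None for r in (quick_reboot, long_absence, after_return)]
```

The server only ever stores and returns ciphertext here, which matches the post: decryption happens on the client with its own OpenPGP key.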