[Cryptography] CD bootable Linux (was randomness +- entropy)

[Johnathan Corgan]

On 11/07/2013 06:54 AM, Thierry Moreau wrote:

> I would definitely like to see some distribution of required tools and
> scripts for creating a CD bootable Linux with an emphasis on security
> considerations. Obviously, e.g. from this long discussion, the true RNG
> source would remain an "area for further study."

This is only marginally related, but I recently published a set of
scripts to more easily create bootable DVDs with "full disk encryption":

https://github.com/jmcorgan/cryptubuntu

It basically automates the process of starting with an existing Ubuntu
ISO image, unpacking the ISO filesystem, the initrd, and the root
filesystem, making changes, then repacking everything with the option to
turn the compressed root filesystem into a LUKS volume.

At boot time, the passphrase is queried and the root filesystem is
mounted with both on-the-fly decompression and decryption.

The original use case for this was to enable distribution of business
confidential work product to my clients in a cheap, archivable format
without worry if it gets lost.

However, the use cases are many; it makes a nice Bitcoin cold storage
solution to have the OS and bitcoin (deterministic, SPV) wallet software
along with the bitcoin private keys, stored on encrypted, low-cost,
read-only media.

-- 
Johnathan Corgan, Corgan Labs
SDR Training and Development Services
http://corganlabs.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: johnathan.vcf
Type: text/x-vcard
Size: 334 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131107/fa62b84d/attachment.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131107/fa62b84d/attachment.pgp>