OpenBSD Deep Install Pt. 2 - Full Disk Encryption
Рет қаралды 4,654
Күн бұрын
@polinskitom2277 2 жыл бұрын
openBSDs FDE can be cracked fairly easily, which is why it's recommended to do, for example, 'bioctl -c C -r 5000 -l sdNa softraid0' by some people if you need openBSDs FDE, as the default has a really low iteration rate (16)
@blakkheim 2 жыл бұрын
how about approaching the mailing list instead of making a youtube comment
@root_dnb 2 жыл бұрын
I just follow what the developers recommend in the FAQ. You also can crack all FDE by tying up the owner of the computer and beating him with a pipe until he gives you the password, much cheaper and easier (revelant xkcd.jpg)
@hawaiihacking9019 2 жыл бұрын
Aloha, As a pentester with a Big 4 firm, I'm always interested in sources for decrypting data at secure data stores. Towards this end, what papers would you recommend on cracking OpenBSD FDE? I was under the impression that it uses AES-ECB-256 (a la LUKS) and the password would be the weakness. Is this not so anymore? Mahalo from Hawaii!
@root_dnb 2 жыл бұрын
@@hawaiihacking9019 KZbin bot deleted this comment but maybe this would help, "seeing as how OBSD uses bcrypt, and the rounds are to the power of 2 this is a non issue and it's secure enough...by default"
@dakata2416 2 жыл бұрын
@@root_dnb that's how glow in the darks do it
@luiscaballero5493 2 жыл бұрын
Love the content...Thank you! I am looking forward the follow episodes...especially the high temp cpu. 😋
@k9w944 2 жыл бұрын
Getting the off-line sets with installXX.img kept tripping me up. But your explanation cleared it up for me. Keep up the great work Root!
@CarlosSaltos Жыл бұрын
Muchas gracias, eres un genio !! 👍😎
@Andrath 2 жыл бұрын
Don't use dd or openssl to write random data to your SSD, you will cause quite a bit of wear. Most SSDs have a secure erase. Your BIOS should have access to that. Otherwise there are command line tools that will facilitate.
@root_dnb 2 жыл бұрын
I paid 30 $USD for the ssd, not a huge deal, also looking at my BIOS right now and that's not an option. Plus if you only do it once it's fine.
@kylewillett9817 2 жыл бұрын
He did it and the FAQ recommends it for one reason: plausible deniability. Yes it causes some wear, specifically one whole drive write worth of wear, BUT in exchange the disk to say Gparted would look like it is full of random data with no partition table other than the EFI partition so it would look to a forensic analyst like a bad disk or one that has been erased they wouldn't know where one data slice or partition stops and the other begins.
@nevoyu 2 жыл бұрын
The ssd will still last a long time
@fruitedlight 2 жыл бұрын
when i run bioctl -c -C -l sd0a softraid0 it says invalid RAID level
@root_dnb 2 жыл бұрын
Command is wrong, # bioctl -c C -l sd0a softraid0
@fruitedlight Жыл бұрын
@@root_dnb oh thank you so much! it took me a whole minute to see the difference
@All3me1 2 жыл бұрын
After rebooting it only says no active partition :(
@root_dnb 2 жыл бұрын
OpenBSD should have warned you before reboot that it would not boot. But I need more context tbh, you probably made a mistake somewhere along the line. Also are you dualbooting on a mbr/bios system? OpenBSD will not boot on mbr after 100GiB.
@All3me1 2 жыл бұрын
@@root_dnb it warned me before choosing gpt I'm using sd1 for Gentoo and trying to use sd0 for OpenBSD The motherboard should support uefi
@root_dnb 2 жыл бұрын
@@All3me1 Yup, heed those warnings.
@All3me1 2 жыл бұрын
@@root_dnb so I probably can't use gpt with my Motherboard?
@safi164 2 жыл бұрын
9th
Charlie Root
Рет қаралды 4 М.