Just got back from DefCon, idea for pdaXrom Options

[omin0us]

Hey everyone, i just got back from DefCon 12 in las vegas, and boy oh boy did my c760 running pdaXrom get some attention. One lady was interested in ordering about 700 c760's for her company all running pdaXrom, but she was dissapointed when i told her that I was just one of the core developers for pdaXrom, and did not work for Sharp or anything like that. So yeah, there were Many Many people interested in pdaXrom and the c760.

I did meet up with a guy Jake who was interested in working with me on creating an Encrypted PDA using pdaXrom. Basically he wants it all to run on an Encrypted FileSystem using a key stored on an SD card for Authentication. We are going to get together and talk about it. I know i personally am very interested in this and told him that hima and I would work on this for sure, whether or not the rest of the community was interested. But i'm curious who would be interested in something like this. If no one is interested, then we will go ahead with the project on our own. but if people are interested, we at pdaXrom could possibly host an image with these capabilites as well as the regular image for those not interested in this. Let me hear your feedback.

Anthony

[Reaper]

I think that "corporate edition" of pdaX should include this option and offer to install it before reflashing. For the rest of us it would be nice to release this pack as separate IPK as soon as some of us do need it while some do not and it isn't considered very wise to include features that we will or will not need (not to mention the waste of the precious NAND memory! )

[stbrock]

As the 6000 indicates, a significant enterprise market for companies that can take advantage of the many extras offered by Linux on Zaurus would certainly help the prospects for long term survival of the platform. And an encrypted file system would be a significant step in that direction. It could also create possibilities for new uses in government agencies that for various reasons are fairly open to Linux.

Is real Blowfish-grade disk encryption feasible on the Z without a serious performance penalty? Some strong encryption programs out there make even encrypting a memo tediously slow, though BURP suggests good design can overcome this. Assuming a fairly transparent design that doesn't slow things down much once it's loaded, which is what the enterprise market will require, lots of individuals would probably take advantage of it too. At least if there is a version that only requires a passphrase and not a hardware key.

[ScottYelich]

I've used cfs for years... give that a shot/port.

Scott

[Zazz]

Bestcrypt (www.jetico.com) runs nicely under pdaXrom 1.0.5. I didn't notice any performance problems. I keep some compiled binaries here but since this is sensitive stuff you may wish to compile it yourself from original sources. There is no documentation in this binary package so you need to know what you are doing (mknod the devices, put the modules and everything else at reasonable places, run depmod -a, modprobe ..., maybe set up some startup script, etc). Note that this is commercial software.

[philo]

an encrypted rom would be great, less worries if you should loose your z or if it got stolen.

re the sd key, would you have to have that sd card inserted, or would it be based on a passphrase? or would it just be a regular sd card that some key lived on? i don't know about everyone, but i use the sd slot for extra storage, leaving my cf free for a wifi card so i would want to be able to use my sd for files rather than just as a key to the unit.

also, how much good is it if you loose the l and the sd card is still inside it?

philo

[ScottYelich]

So ...

do we have an encrypted filesystem available for pdaXrom?
I have a decent need for one now. :-)

Scott
ps: just to be clear, a filesystem -- not a file...

[g33k]

I'd like to advocate FreeOTFE over BestCrypt. FOTFE is cross-platform, yet free and open.

http://www.freeotfe.org/

[MicDB]

This is very interresting.
The best (understand most easy) way to achieve that would be to port EncFS. It uses AES (Rijndael), so it is really secure but will probably somewhat kill performance. When this is done, it only needs some minor tweakings on pdaxrom to include it in roms.

We can boot, mount the shared filesystem (using passphrase for example), chroot into it and do what we want
The big advantages of working this way is to have a "rescuable" system, the ability to backup encrypted filesystem without the need of knowing the key, and it would be possible to make a package that installs a complete encrypted system (with X, apps, ...) on a compact flash/sd even on current roms ...

[ShiroiKuma]

Bestcrypt  (www.jetico.com) runs nicely under pdaXrom 1.0.5. I didn't notice any performance problems. I keep some compiled binaries here but since this is sensitive stuff you may wish to compile it yourself from original sources. There is no documentation in this binary package so you need to know what you are doing (mknod the devices, put the modules and everything else at reasonable places, run depmod -a, modprobe ..., maybe set up some startup script, etc). Note that this is commercial software.

This site is unavailable. Does anyone have compiled binaries for this. I'd like to give this a try.

So far it's the only soft for Linux that I've found that enables you to create virtual encrypted disks and then use them normally.