What is implementation and how does it affect security?

Discussion in 'privacy technology' started by amarildojr, Aug 8, 2013.

Thread Status:
Not open for further replies.
  1. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,966
    Location:
    Brasil
    I read a lot of people saying "Implementation" matters as well as the Algorithm, but I still don't know what it means. If someone could explain or refer link :)

    And what is the software that has the best implementation out there? Is it cross-platform? (I want to use it on Linux).

    Regards.
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Hi amarildojr,

    Implementation refers to the actual software program code that implements a design. It encodes the algorithm(s) that embodies the software. A design encompasses a set of software requirements to bring about either a new software product or extend the functionality of the software to be able to do something new.

    Note: If the design is not the "best design", then a "best implementation" may not be worth considering, depending on the design domain, e.g. a mathematical computation which has an existing algorithm for which an optimal solution has not yet been implemented, but exists.

    See: Algorithm and Software design to start exploring these concepts.

    With regard to the concept of how implementation affects security, if security was not a consideration during the initial construction of the software, then a Software Security Vulnerability is likely to exist. For example, if you ask the question why previous Windows OSes have so many security holes, now you know the reason.

    -- Tom

    P.S. Welcome to Wilders Security Forums
     
    Last edited: Aug 8, 2013
  3. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,966
    Location:
    Brasil
    Thanks, I'll read those articles after I learn how to install ArchLinux.

    Question: Does Truecrypt have a good implementation on Linux?
     
  4. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
  5. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,966
    Location:
    Brasil
    Unfortunatelly TrueCrypt is not able to encrypt filesystems on Linux. I will look for a substitude for it that can encrypt "/home", "/swap", "/var", "/tmp" and the root partition.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    LUKS.

    But there's no hidden option :(
     
  7. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,966
    Location:
    Brasil
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Please explain what you mean when you say TrueCrypt is not able to encrypt filesystems on Linux regarding: Filesystem Encryption Tools for Linux.

    Note: I have never used Truecrypt.

    Do you mean that you locate "/home", "/swap", "/var", "/tmp" and the root partition on separate volumes - and that Truecrypt cannot handle separate Truecrypt volumes on the same device, or why cannot you have all of "/home", "/swap", "/var", "/tmp" and the root partition on the same volume?

    -- Tom
     
  9. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,966
    Location:
    Brasil
    Note the current stable on the page you referred: "Current Stable :- 4.3a"

    A quote from the openSUSE forums admin:

    Source: https://forums.opensuse.org/english...ypt-help-multiple-partitions.html#post2578053

    Not even the built-in encryptor can encrypt the "/" partition, I have to manually encrypt "/var", "swap", "/tmp" and /home, so I don't know if files might get to different places than these. Not to mention I can't chose the algorithm nor the hashing (defaults are aes-256 - ripemd-160).

    There is an option, which is FDE with LVM, but that is not an option for me. I rather use Windows and encrypt the system partition and then encrypt another data partition.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Huh? You can encrypt everything except /boot. Everything except /boot goes in an LVM partition, which goes in an encrypted partition. It's true that the Debian installer doesn't give cypher choice, so you'd need to set up manually :(
     
  11. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,966
    Location:
    Brasil
    Not on openSUSE.

    LVM is not an option right now. I need to be able to re-install the system without the need to back everything up. Therefore, the only option is Windows.
    If somehow Truecrypt dev's make it possible to encrypt "/" and /home, and also making it possible to mount them right after the system starts, then I'll go back to Linux.

    I'm looking forward to learn HOW (IF it is possible) to change the algorithm and hash on LUKS, and if files might get to other places, because if I encrypt /var, /swap, /tmp and /home and if files go to other places than these then I'm fried :rolleyes:
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    See -http://linux.die.net/man/8/cryptsetup

    As I said, using dm-crypt with LUKS, the entire filesystem except /boot is in an LVM partition on the encrypted partition.
     
  13. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,966
    Location:
    Brasil
    I'll give it a read, thanks.

    EDIT: BTW you wouldn't happen to know how to change this in the openSUSE install process?
    I KNOW what LVM is and how it works. But, as I said, it's not an option.
     
    Last edited: Aug 11, 2013
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    No, I don't.

    Why is that?

    I see that you want to be able to reinstall without backing up. But I'm not sure what you mean by that. Do you want to put /home/ on a separate drive, that doesn't get touched during reinstallation?
     
  15. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,966
    Location:
    Brasil
    Yes. I'm currently learning how to change the default cipher/hash on openSUSE's install. I managed to create the filesystem with twofish, but after reboot the install DVD overwrites everything with it's default algo: AES-256/SHA256.

    I'm almost there and I won't have to create an LVM! :D


    PS: If someone is wondering the command:

     
Loading...
Thread Status:
Not open for further replies.