-
https://discussions.apple.com/thread/3508926?start=0&tstart=0
Apparently one can secure a mac by issuing the command `sudo pmset -a destroyfvkeyonstandby 1` which tells it to destroy the FileVault keys on standby, whether standby to memory or disk.
-
https://www.berrange.com/posts/2011/12/18/multi-factor-ssh-authentication-using-yubikey-and-ssh-public-keys-together/
Article on how to use a YubiKey alongside SSH RSA key based login. Bit of a hack, but it appears to work. Nice.
-
http://blog.rootshell.be/2009/03/27/yubikey-authentication-on-linux/
Article explaining how to use yubipam to enable yubikey authentication on a linux machine. However, yubipam only supports single factor auth, username + token, no additional password.
-
https://github.com/firnsy/yubipam/#readme
PAM module that allows offline authentication against a yubikey. Requires a key to be retrieved from yubico by sending email plus payment info, etc. Less secure than online validation. Only supports single factor auth, username + token, no password.
-
https://github.com/tfheen/ykfde#readme
Script to enable a yubikey to be used with luks full disk encryption. Very interesting...
-
https://www.yubico.com/
The YubiKey is a USB device which appears to the computer as a keyboard. It has only 1 button, which when pressed, enters a one-time-password and then enter (can be configured). This can be verified against an online server, or offline via a few tools.
-
http://blog.dustinkirkland.com/2010/06/ecryptfs-backup-strategy.html
One strategy to backup encrypted ecryptfs data as suggested by the author of ecryptfs. Useful and simple. Backup the metadata and the raw files with rsync.
-
http://blog.dustinkirkland.com/2011/04/introducing-ecryptfs-recover-private.html
A critical utility for ecryptfs called ecryptfs-recover-private which automates and simplifies the process of recovering encrypted home directory data from Ubuntu.
-
http://pastebin.com/yPyK193a
A different strategy to find an encrypted filename from an unencrypted filename under ecryptfs (Ubunut's encrypted home directory system).
-
http://www.telmon.org/?p=631
Interesting article including a script that figures out a mapping from unencrypted filenames into ecryptfs encrypted filenames. Potentially useful.
-
http://westhoffswelt.de/blog/0046_from_revelation_security_to_android_password_managers.html?_=1344537066
Useful article about exporting data from revelation into a CSV ready for import into secrets, an Android password manager. Useful PHP script Revtrans which can decrypt and read the native revelation file format. Very handy.
-
http://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-centos-5.4
Good introduction on setting up mysql replication with SSL encryption. Some of the options have changed in mysql 5.5 (no moremaster-connect-retry) and some settings are not applicable to Ubuntu, but the gist of it is useful.
-
http://tombuntu.com/index.php/2007/12/12/simple-file-encryption-with-openssl/
Handy howto on encrypting files with openssl and a passphrase. Dead easy, `openssl aes-256-cbc -salt -in file -out file` then `openssl aes-256-cbc -d in file out file`. Can also be used in pipes like `tar cp /blah | openssl aes-256-cbc -salt -out b.tar``
-
http://www.startssl.com/
Free SSL certificates which are accepted by most modern browsers. Very cool.
-
http://pajhome.org.uk/crypt/md5/
A javascript implementation of md5. Very handy.
-
http://www.tarsnap.com/
Encrypted backups which don't require you to trust the backup provider, although the code is open source but not free (as in freedom) and so there is only one possible provider...
-
http://www.savvyadmin.com/secure-remote-file-storage-with-ssh-and-dm-crypt/
Article explaining how to mount an encrypted container on a remote system. The remote file container is mounted over sshfs then locally mounted via dm-crypt. This has some major challenges, the approach is interesting albeit not particularly practical.
-
http://ubuntuforums.org/showthread.php?t=852216
How to restore encrypted partitions on the ubuntu forums. Could be useful if needing to restore from a backup of an encrypted disk.
-
http://random.irb.hr/
A random number generation web service that uses the intrinsic randomness of the quantum physical process of photonic emission in semiconductors and subsequent detection by photoelectric effect. Very cool. Available as a web service.
-
http://learninginlinux.wordpress.com/2008/04/23/installing-ubuntu-804-with-full-disk-encryption/
Walkthrough on setting up Ubuntu Hardy Heron with full disk encryption. Very handy. :)
-
http://safe-mail.net/
Encrypted, paranoid friendly email service. 3mb free, 75MiB accounts from $25/year. Not particularly cheap and very Web 1.0.
-
http://www.cypherpunks.ca/otr/
OTR is an encryption layer for Instant Messaging which provides encryption, authentication, deniability and forward secrecy.
-
http://ubuntu-tutorials.com/2007/08/17/7-steps-to-an-encrypted-partition-local-or-removable-disk/
A tutorial on setting up encrypted partitions in Ubuntu Gutsy Gibbon (7.10). Goes into some detail as to what each command does. Useful.
-
http://www.fsckin.com/2008/01/15/howto-setup-and-benchmark-encrypted-partitions-in-ubuntu/
An article on how to create an encrypted volume and then four ways to benchmark encrypted disk performance. Summary, the author estimates a 10% performance cost on a 3.2GHz system, 4Gb memory, no swap.
-
http://users.piuha.net/martti/comp/ubuntu/en/cryptolvm.html
A detailed how-to, including screenshots, on setting up an encrypted LVM in Ubuntu. This approach creates one single encrypted LVM and then multiple partitions within it (as well as an unencrypted boot partition). Easy to follow, useful reading.
