Archive for July, 2008

FreeBSD : Inexpensive and simple swap encryption

It has been a while since I last put up a post. Here is a short note on swap space encryption with FreeBSD GEOM geli(8). This feature has been there for quite some time.

Enabling swapspace encryption with geli

Only two files need to be edited: /etc/fstab and /boot/loader.conf. Add the suffix “.eli” to your swap partition in /etc/fstab (e.g. ad1s1b.eli) and enable the geom_eli kernel module in /boot/loader.conf with geom_eli_load="YES". Your swap space will be encrypted on the next reboot.

Alternatively, you can enable it without a reboot with the steps below.

# swapoff /dev/ad0s1b

# kldload geom_eli

# geli onetime -e blowfish -l 128 -s 4096 -d ad0s1b

# swapon /dev/ad0s1b.eli

Note: you can refer to the geli(8) man page for more algorithm options. I used Blowfish in the above example.

Verifying if swap space encryption is enabled

# dmesg | grep GEOM_ELI

GEOM_ELI: Device ad0s1b.eli created.
GEOM_ELI: Encryption: Blowfish-CBC 128
GEOM_ELI: Crypto: software

# geli list
Geom name: ad0s1b.eli
EncryptionAlgorithm: Blowfish-CBC
KeyLength: 128
Crypto: software
Flags: ONETIME, W-DETACH, W-OPEN
Providers:
1. Name: ad0s1b.eli
Mediasize: 2147483648 (2.0G)
Sectorsize: 4096
Mode: r1w1e0
Consumers:
1. Name: ad0s1b
Mediasize: 2147483648 (2.0G)
Sectorsize: 512
Mode: r1w1e1
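
The dmesg and geli list checks above show the running state. As an added example (not from the original post), the sh sketch below audits the boot-time side, the two files the post edits; the function names and the sample file contents are illustrative assumptions.

```sh
#!/bin/sh
# Added example: audit the two files the post edits (function names are illustrative).

# Print every swap device in an fstab file that lacks the .eli suffix.
unencrypted_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" && $1 !~ /\.eli$/ { print $1 }' "$1"
}

# Succeed if the loader.conf file has an uncommented geom_eli_load="YES".
eli_module_enabled() {
    grep -Eiq '^[[:space:]]*geom_eli_load="?YES"?' "$1"
}

# Return 0 only when both files match the configuration described in the post.
check_swap_encryption() {
    fstab=${1:-/etc/fstab}
    loader=${2:-/boot/loader.conf}
    rc=0
    bad=$(unencrypted_swap "$fstab")
    if [ -n "$bad" ]; then
        echo "FAIL: plaintext swap in $fstab:" $bad
        rc=1
    fi
    if ! eli_module_enabled "$loader"; then
        echo "FAIL: no geom_eli_load=\"YES\" in $loader"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $fstab swap entries use .eli, geom_eli loads at boot"
    return "$rc"
}

# Constructed sample files (not from the post): fstab before and after the edit.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '/dev/ad0s1a / ufs rw 1 1' '/dev/ad0s1b none swap sw 0 0' > "$d/fstab.before"
    printf '%s\n' '/dev/ad0s1a / ufs rw 1 1' '/dev/ad0s1b.eli none swap sw 0 0' > "$d/fstab.after"
    printf 'geom_eli_load="YES"\n' > "$d/loader.conf"
    check_swap_encryption "$d/fstab.before" "$d/loader.conf" || echo "(exit status $?)"
    check_swap_encryption "$d/fstab.after" "$d/loader.conf"
    rm -rf "$d"
}
demo
```

An fstab with no swap lines passes vacuously, so confirm the live state with geli list as shown above.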

Back in 2003, I used OpenBSD’s sysctl -w vm.swapencrypt.enable=1, or vm.swapencrypt.enable=1 in /etc/sysctl.conf, for swap space encryption, and this was made the default in OpenBSD 4.3. Compared to FreeBSD’s implementation, OpenBSD’s method is simpler. However, FreeBSD’s GEOM geli(8) and gbde(8) offer more than just swap space encryption. They give the capability to encrypt disk partitions.

More info can be found in the excellent FreeBSD handbook.

http://www.freebsd.org/doc/en/books/handbook/swap-encrypting.html

My usage has not reached the level that requires high confidentiality on storage. Perhaps I will do an encrypted file system on my portable hard disk for porn next time. :-P

Wednesday, July 30th, 2008

Chinese Domain Names Fraud

There have been many reported cases of a new scam in which a Chinese domain registration firm asks people to register some domain names through it because “a third party” is trying to register them. Normally a .com domain owner would receive an unsolicited email from one of those bogus companies claiming that someone else was trying to register the .cn version of the same domain, so they wanted the company owner to register these domains with them first to “protect their trademarks”.

In the process, they earn a fee for the so-called service of disputing a non-existent third-party registration. In other words, they create demand triggered by fear.

Nevertheless, it makes sense to register and park a .cn domain if China is a targeted new operating ground for your company. This will block it from being snapped up by cybersquatters, competitors or even the Chinese scammers mentioned earlier.
Here are some sample communications from my attempt to lure them.

(more…)

Tuesday, July 1st, 2008

Thing that we do not see in news

Perhaps I missed this news on TV / newspapers (maybe it was published in _the_tiny_little_column_that_we_always_miss_out). Or perhaps they are still busy with the press restriction at the lobby of the Malaysian Parliament.

Here are some photos that were forwarded to me. Street protests are bad. But what else could they do?



(more…)

Tuesday, July 1st, 2008