Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Encrypted Fileserver with Bittorrent Web Interface

Posted by timothy on Sat May 07, 2005 03:33 PM
from the freenetesque dept.
Data Storage Encryption Operating Systems Security Networking BSD Hardware
mistermark writes "I built a fully encrypted (samba) fileserver with a web interface for managing torrent downloads on it. All I used is OpenBSD 3.6 and its package collection, except for the TorrentFlux-interface (which you need to install separately). Anyway, it can be built using binary packages only. I included a rough HOWTO on how to make one of these yourself."
+ -
story

Related Stories

[+] Hardware: Building a Fully Encrypted NAS On OpenBSD 196 comments
mistermark writes "Two years ago this community discussed my encrypted file server. That machine has kept running and running up until a failing drive and a power outage this last week. So, it's time to revise everything and add RAID to it as well. Now you can have an on-the-fly encrypting/decrypting NAS with the data security of RAID, all in one. Here is the how-to."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Encrypted Fileserver with Bittorrent Web Interface 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Nice (Score:5, Funny)

    by slashalive (853666) on Saturday May 07 2005, @03:34PM (#12463816)
    Now you can seed your secret corporate documents!

  • why? (Score:5, Insightful)

    by Anonymous Coward on Saturday May 07 2005, @03:36PM (#12463825)
    Pertend I'm stupid, why would I want this?

    • Re:why? (Score:5, Funny)

      by big_groo (237634) <groovis.gmail@com> on Saturday May 07 2005, @03:46PM (#12463889) Homepage
      Pertend I'm stupid...

      No need.

    • Re:why? (Score:3, Informative)

      by jurt1235 (834677)
      Simple: You have random users which make backups to your machine but don't want anybody else to be able to read these backups.

    • Re:why? (Score:5, Insightful)

      by caluml (551744) <slashdotNO@SPAMspamgoeshere.calum.org> on Saturday May 07 2005, @04:01PM (#12463969) Homepage
      Yeah, I can't work this out either. The problem with torrents is not storing them safely, or downloading them safely. It's that when you start downloading a file using torrents, your IP address is known by the tracker which gives away the fact you're a downloader.
      Sure, store them on an AES-256 encrypted filesystem, sure, use SSL for the transfer. But it doesn't help the fact that the downloaders/uploaders are known.
      • encrypted mp3s sound so much better than regular ones.

      • Be very, very careful when using the Windows XP built-in file encryption, called EFS (Encryping File System).

        EFS is very poorly documented. The encryption is tied to your user password in a way that is apparently not documented. EFS depends on being part of a Windows 2003 Server domain in a way that is not clearly documented; if you are using Windows XP on a stand alone computer, there are situations in which you will lose your files forever.

        Microsoft technical support agrees with what I just said, and provides no help or fixes.

        The official Microsoft forums contain the complaints of many people who have lost their files due to problems with EFS. One man said he lost 11 years of research.

        People complain about Microsoft every day on Slashdot, but I've never seen a discussion by anyone who seemed to realize how bad Microsoft truly is.
        • And don't forget that as a member of a domain, a GPO can cause an EFS key to be escrowed with the admininstrators. So if you're thinking this will hide your MP3z at work from the domain admins or SMS sweeps, no go. (Of course, if the filesystem is mounted during an SMS enumeration/collection sweep, it doesn't matter what encryption you're using.)

        • Re:Be very, very careful when using EFS!!! (Score:5, Insightful)

          by Universal Indicator (626874) on Saturday May 07 2005, @04:36PM (#12464127)
          11 years of research without a single backup? Sounds like the person was asking for it!
        • from MSDN: Taking Recovery Precautions [microsoft.com]

          Recovering Encrypted Files

          Any data recovery agent can recover an encrypted file when a user's private key fails to decrypt the file.

          To recover an encrypted file
          1. Log on to a computer that has access to the user's profile; for example, a computer that has a designated recovery console or a recovery key on removable media such as a floppy disk. You might log on at the user's computer or the user might have a roaming profile.
          2. Locate the encrypted fi
        • I use Truecrypt [truecrypt.org]. It is free and open source. Provides much more flexibility and the encrypted source file(s) can be stored on any medium (network, flash, floppy, etc..) Sure it is not durectly integrated into the OS but for me, it strikes the perfect balance between security and piece of mind.

        • Re:Be very, very careful when using EFS!!! (Score:4, Informative)

          by Dibblah (645750) on Sunday May 08 2005, @04:02AM (#12466736)
          Not documented, huh?

          http://support.microsoft.com/default.aspx?scid=kb; EN-US;q290260 [microsoft.com]

          Summary: Rejoin your original domain and change your password to your original password.

          People complain about Microsoft every day on Slashdot, but I've never seen a discussion by anyone who seemed to realize that if all you wannabe Windows Administrators left the "market", the world would be a better place for everyone.
          • It's probably the same as their position on the bug that causes Outlook 2003 to randomly lose data once the database file size gets up to about a gig and a half. They don't care.

            "You're just a user so screw off. We're far too important to worry about your stupid data."

            I can't see any other explanation.


          • You said, "This is another example of mod-by-agreement. Anyway, EFS is documented perfectly well."

            Correction: This is another example of someone on Slashdot acting sure when he knows nothing about the issue, and didn't even read the document at his first link in his Google Search: Microsoft Windows XP - Data Recovery and Data Recovery Agents [microsoft.com], which says:

            "The default design for the EFS recovery policy is different in Windows XP Professional than it was in Windows 2000 Professional. Stand-alone computers [using Windows XP] do not have a default DRA, but Microsoft strongly recommends that all environments have at least one designated DRA.

            "In a Windows 2000 environment, if an administrator attempts to configure an EFS recovery policy with no recovery agent certificates, EFS is automatically disabled. In a Windows XP Professional environment, the same action enables users to encrypt files without a DRA. In a mixed environment an empty EFS recovery policy turns off EFS on Windows 2000 computers, but only eliminates the requirement for a DRA on Windows XP Professional computers."

            This information means that you can lose your files in Windows XP in a way that you could not lose them in Windows 2000. Microsoft made this change, but provided no on-screen warning.

            The Microsoft document quoted above says, "Stand-alone computers do not have a default DRA,..."

            It should say, Stand-alone computers CANNOT have a DRA that allows decryption of files from a different computer with the same user name and password.

            As I mentioned, this was verified by Microsoft Tecnhical Support representatives, as was the information in my parent post.

            You said above, "I believe the process can be started with a simple cipher /r." This is a VERY serious matter. People lose their files!!! You should not be posting comments in which you take a seemingly sure position, but that sureness is based on "belief".
            • The only difference between 2000 and XP's EFS system for data recovery agents (DRAs) is that 2000 used to make administrators DRAs by default but XP requires you to do it manually using this procedure [microsoft.com].

              Yeah, you can lose your data, if you reset the user's password. Before you reset a password, a big ugly warning box is shown stating that the user might expierence data loss. (a dialog not present in 2000). It's not like you'll magically lose your files in XP for no reason.

              This information means that you can

            • Not exactly. A public/private key set is generated the first time you encrypt a file. The public key is used to encrypt files and the private to decrypt them. The only place these keys are stored are in a special key store that is encrypted with your password, unless you explicitly export the keys with the Certificates snap-in. On a domain, this is in the Active Directory and on stand-alone computers it's in the SAM. When your account is deleted or the password is reset, the key store is lost. Even though y

  • slashdotted (Score:5, Funny)

    by crazyray (776321) * on Saturday May 07 2005, @03:37PM (#12463837)
    from the "about" page: Professional co-location was/is out of the question simply because of the costs and I did/do have bigger plans than to be able to host this kind of thing at home. To be honest, if this thing grows any bigger I'll be moving the whole shebang to a datacenter after all... Prices have dropped quite a bit since about two years ago and now. But, until then, all this comes from my server at a friends house where he has an amazing 10mbit up&down.

    Well, I guess he USED to be your friend, until you slashdotted his internet connection....

  • Also encrypted my machine (Score:5, Funny)

    by jurt1235 (834677) on Saturday May 07 2005, @03:42PM (#12463867) Homepage
    It now looks like a toaster.
  • he would've used usb thumb drive to boot that thing and store the encryption key there.

    Another pitfall is that samba.. not secure.. again, if he'd install vpn server there that would create secured medium for accessing it, would be another story.

    The saddest part probably is that he raped SGI 320 and put AMD in it! just to have cool case for his desktop, seesh, he'd have much more geek respect, by keeping that SGI intact.

  • Note to law enforcement. Dont reboot. (Score:5, Interesting)

    by Bazman (4849) on Saturday May 07 2005, @03:45PM (#12463884) Journal
    I'm guessing the encryption password needs to be re-entered on reboot (before mounting the FS, it seems). So if the feds bust in and kick you off your warez box, as long as they dont switch it off, they've got your 0-day filez in the plain. Just dd it all across the network.

    And oh yeah, with SMB as your network file system, is the traffic securely encrypted? Weakest link, and all that...

    Baz

    PS yes, I know you're only doing legal stuff :)
    • TFA suggests you use his cryptfs script thus:

      cryptfs -m Encryption key: secretstring

      dont forget to zap your .bash_history file afterwards. Its the first place we look.

      Baz

    • Even worse HES DOWNLOADING FROM BITTORENT. Why would the feds need to bust in? The **AAs will just catch him like every other bt user since the bt protocol itself isnt encrypted. Like any other P2P network, users connect to other users would have the data. Just start downloading a torrent and log everyones ips that connect to you.

    • >Just dd it all across the network.

      Of course, that's dd from a CD-ROM full of statically linked programs. Investigators shouldn't trust target machines for anything. And if you ever look at a machine that may wind up in court, make sure you don't do anything that writes to the hard disk.

      The Secret Service guidelines for seizing computers say to consult a computer specialist if possible before doing anything, but if there's no specialist to be had they say to yank the power cord.

      Doing investigations ri

  • Big fan... (Score:4, Funny)

    by creimer (824291) on Saturday May 07 2005, @03:48PM (#12463907) Homepage
    Can anyone identify the size of the fan being used on that server? I'm used to seeing 60mm and 80mm fans but not one that big. (Although when I had an AMD K-5 computer back in 1997, I would open up the case during the summer and use a 20" floor fan to keep it cool.) I think have the front end open like defeats the purpose of cooling down that many hard drives.
    • Looks like a 120 mm fan to me. They're becoming fairly common now, especially among the silent PC crowd. I even come across 90mm fans now and then...
    • As everyone else said, 120mm. I've got 2 of them in my case. Why? Because they are bigger, they move more air with less fans (more air/fan), less power, and are typically quieter for the amount of air they move. For my case, I would need to replace my 2 120mm fans with probably 4 80mm fans to get the same CFM. All the while, power and noise will increase (as well as cost).
    • Can anyone identify the size of the fan being used on that server? I'm used to seeing 60mm and 80mm fans but not one that big. (Although when I had an AMD K-5 computer back in 1997, I would open up the case during the summer and use a 20" floor fan to keep it cool.) I think have the front end open like defeats the purpose of cooling down that many hard drives.

      As others have pointed out, 120mm (4.72 inches). This is pretty much the perfect size to mount in three 5.25 inch bays. I have one mounted on my s
  • I built a fully encrypted system once. Even the source was encrypted. Sadly, I lost the key and it was all for naught...

    • Re:I did this once... (Score:3, Funny)

      by Anonymous Coward
      I want to write a freeware opensource encryption program. I will advertise only that it will encrypt the contents of "My Documents" so that nobody can decrypt it.

      After that my program will print a message about the commercial version having support for decryption and where to send $25.00 via Pay Pal.

  • Defeats the purpose... (Score:5, Insightful)

    by Doodhwala (13342) on Saturday May 07 2005, @03:55PM (#12463943) Homepage
    So, what exactly does this accomplish? When you use Bittorrent, the protocol both downloads and uploads data at the same time (look up the tit-for-tat policy followed by BT to ensure fairness). If you were in the US, all the RIAA needs to do to sue you is download a single chunk of data from you. They don't need to break your door down and cart the computer away. So, the encryption is moot anyway.

  • Mirror? (Score:2, Interesting)

    by Fjornir (516960)
    Site is not responding. Anyone have a mirror? Anyone who happened to read it able to comment on how this compares to Freenet [freenetproject.org] ?

  • Obstruction of justice (Score:5, Informative)

    by Anonymous Coward on Saturday May 07 2005, @04:06PM (#12463987)
    If the cops bust you, and you have an encrypted hard drive and you don't hand over the password, you will be charged with obstruction of justice. The maximum sentence of obstruction of justice is the same as the crime you are trying to avoid. So it really doesn't help you avoid anything.

    http://www.ohiobar.org/pub/lycu/index.asp?articlei d=138 [ohiobar.org]
    • But if the very long and complex password is stored in a file, which doesn't exist, is that obstruction?
        • Ok, so what if the key is only held in memory, or perhaps some kind of self-destructing key such that the loss of the key is invoked by the authorities, not the accused... is there a line somewhere?
    • You use the phrase "don't hand over" but this is an oversimplification of a complicated legal issue.
      Let's take two examples.
      Example One
      You say: "Fuck you dirty rat coppers, I have the key and I spit at your entire justice system which I haven nothing but contempt for. I have the key and I refuse to give it to you. Go to hell."
      Well, in that case I think you might be right.
      But let's try another instance of "don't hand over" that has different implications.
      Example Two
      You say:

    • Re:Obstruction of justice (Score:5, Interesting)

      by Albinofrenchy (844079) on Saturday May 07 2005, @05:15PM (#12464287)
      Password? Encrypted? Officer, those files aren't encrypted, they are just randomly generated files I made... On a more serious note, it would be a nice safety feature if that when a certain wrong password was typed in, it would show an unencrypted version of something completely legal.

        • That already exists. I forget what it's called, but there's a type of encryption where you actually encrypt two files into one, so if someone forces you to hand over the key, you give them a secondary one wich unencrypts the dummy files.

          I'm not sure if we're thinking of the same project, but the one I knew was called "rubber hose". For a while, it was hosted at www.rubberhose.org, but that site dropped off the net several years ago, and to the best of my knowledge has not reappeared since.

          A fe

    • Let me get this straight with another example:

      Cop: "Are you guilty of [crime]?"

      Me: "No!" or

      Me: "..."

      Despite my handsomely elaborate defense, I end up in jail for [crime] with a definitive sentence.

      At that point, the zealous cop shows up and tells me he's also going to charge me with obstruction of justice, because he kindly asked me a question the first time around, and I lied or said nothing?

      You got it backwards, I guess. The suspect is never required to collaborate with his/her prosecutors. They ma

  • I've already been doing this for quite some time now with Azureus [sourceforge.net], and the Swing Web Interface [sourceforge.net] plugin alongside RSS Feed Scanner [sourceforge.net] plugin (to download TV shows automatically). There's even an IRC bot [sourceforge.net] plugin to allow control over an IRC network/channel.

    Why is my way better? Well, the default BitTorrent client is somewhat lacking feature wise. Azureus is more powerful and gives you more control over what to do with the torrents when they are done downloading. Not to mention the support for trackerless torrent [slashdot.org]

  • Differentl laws in that country make this useful! (Score:3, Insightful)

    by orionware (575549) on Saturday May 07 2005, @04:21PM (#12464059)
    At first I thought, "wtf good is that?!". I figured it was for the ultra paranoid. Then I realized. He lives in a country where the law has to actually have physical proof of you breaking the law. Here in the US I don't think they feds need to kick in the door and find your mp3s being fed to the world to actually charge you. They just strongarm your ISP for your info.

    The theory in his country being if they can't find anything on your drive, then they can't prove shit.

    Must be nice...

  • Website Fried (Score:5, Funny)

    by QBasicer (781745) on Saturday May 07 2005, @05:52PM (#12464451) Homepage Journal
    In other news, MySQL is out of memory, and if you click the little help link it provides, it takes you to the best 404 page i've seen. (Click here for direct link [selwerd.nl])

    • Re:Piracy how-tos? (Score:5, Insightful)

      by Anonymous Coward on Saturday May 07 2005, @03:47PM (#12463891)
      ummm, are you a moron? Just because it says "torrent" does NOT mean piracy. There are many legitimate uses for bittorrent and many legitimate reason to want to encrypt files....put them together and what do you get? RTFA next time you fucking mpaa monkey.

    • Blizzard (Score:5, Funny)

      by Alcimedes (398213) on Saturday May 07 2005, @03:55PM (#12463944)
      Shit, you better call up Blizzard quick. They've been using this warez technology to distribute their game patches. Who knew all torrents were illegal!

      Douche bag.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.