Encrypted Fileserver with Bittorrent Web Interface

mistermark writes "I built a fully encrypted (samba) fileserver with a web interface for managing torrent downloads on it. All I used is OpenBSD 3.6 and its package collection, except for the TorrentFlux-interface (which you need to install separately). Anyway, it can be built using binary packages only. I included a rough HOWTO on how to make one of these yourself."

Nice

Now you can seed your secret corporate documents!

why?

Pertend I'm stupid, why would I want this?

Re:why?

Pertend I'm stupid...

No need.

Re:why?

Simple: You have random users which make backups to your machine but don't want anybody else to be able to read these backups.

Re:why?

Yeah, I can't work this out either. The problem with torrents is not storing them safely, or downloading them safely. It's that when you start downloading a file using torrents, your IP address is known by the tracker which gives away the fact you're a downloader.
Sure, store them on an AES-256 encrypted filesystem, sure, use SSL for the transfer. But it doesn't help the fact that the downloaders/uploaders are known.

now that's useful

encrypted mp3s sound so much better than regular ones.

Be very, very careful when using EFS!!!

Be very, very careful when using the Windows XP built-in file encryption, called EFS (Encryping File System).

EFS is very poorly documented. The encryption is tied to your user password in a way that is apparently not documented. EFS depends on being part of a Windows 2003 Server domain in a way that is not clearly documented; if you are using Windows XP on a stand alone computer, there are situations in which you will lose your files forever.

Microsoft technical support agrees with what I just said, and provides no help or fixes.

The official Microsoft forums contain the complaints of many people who have lost their files due to problems with EFS. One man said he lost 11 years of research.

People complain about Microsoft every day on Slashdot, but I've never seen a discussion by anyone who seemed to realize how bad Microsoft truly is.

Re:Be very, very careful when using EFS!!!

11 years of research without a single backup? Sounds like the person was asking for it!

Re:Be very, very careful when using EFS!!!

Perhaps he was encrypting his backups because of the nature of the research.
Regards,
Steve

Re:Be very, very careful when using EFS!!!

Not documented, huh?

http://support.microsoft.com/default.aspx?scid=kb; EN-US;q290260 [microsoft.com]

Summary: Rejoin your original domain and change your password to your original password.

People complain about Microsoft every day on Slashdot, but I've never seen a discussion by anyone who seemed to realize that if all you wannabe Windows Administrators left the "market", the world would be a better place for everyone.

You act sure, but you say, "I believe."

You said, "This is another example of mod-by-agreement. Anyway, EFS is documented perfectly well."

Correction: This is another example of someone on Slashdot acting sure when he knows nothing about the issue, and didn't even read the document at his first link in his Google Search: Microsoft Windows XP - Data Recovery and Data Recovery Agents [microsoft.com], which says:

"The default design for the EFS recovery policy is different in Windows XP Professional than it was in Windows 2000 Professional. Stand-alone computers [using Windows XP] do not have a default DRA, but Microsoft strongly recommends that all environments have at least one designated DRA.

"In a Windows 2000 environment, if an administrator attempts to configure an EFS recovery policy with no recovery agent certificates, EFS is automatically disabled. In a Windows XP Professional environment, the same action enables users to encrypt files without a DRA. In a mixed environment an empty EFS recovery policy turns off EFS on Windows 2000 computers, but only eliminates the requirement for a DRA on Windows XP Professional computers."

This information means that you can lose your files in Windows XP in a way that you could not lose them in Windows 2000. Microsoft made this change, but provided no on-screen warning.

The Microsoft document quoted above says, "Stand-alone computers do not have a default DRA,..."

It should say, Stand-alone computers CANNOT have a DRA that allows decryption of files from a different computer with the same user name and password.

As I mentioned, this was verified by Microsoft Tecnhical Support representatives, as was the information in my parent post.

You said above, "I believe the process can be started with a simple cipher /r." This is a VERY serious matter. People lose their files!!! You should not be posting comments in which you take a seemingly sure position, but that sureness is based on "belief".

slashdotted

from the "about" page: Professional co-location was/is out of the question simply because of the costs and I did/do have bigger plans than to be able to host this kind of thing at home. To be honest, if this thing grows any bigger I'll be moving the whole shebang to a datacenter after all... Prices have dropped quite a bit since about two years ago and now. But, until then, all this comes from my server at a friends house where he has an amazing 10mbit up&down.

Well, I guess he USED to be your friend, until you slashdotted his internet connection....

Also encrypted my machine

It now looks like a toaster.

Note to law enforcement. Dont reboot.

I'm guessing the encryption password needs to be re-entered on reboot (before mounting the FS, it seems). So if the feds bust in and kick you off your warez box, as long as they dont switch it off, they've got your 0-day filez in the plain. Just dd it all across the network.

And oh yeah, with SMB as your network file system, is the traffic securely encrypted? Weakest link, and all that...

Baz

PS yes, I know you're only doing legal stuff :)

Big fan...

Can anyone identify the size of the fan being used on that server? I'm used to seeing 60mm and 80mm fans but not one that big. (Although when I had an AMD K-5 computer back in 1997, I would open up the case during the summer and use a 20" floor fan to keep it cool.) I think have the front end open like defeats the purpose of cooling down that many hard drives.

I did this once...

I built a fully encrypted system once. Even the source was encrypted. Sadly, I lost the key and it was all for naught...

Re:I did this once...

I want to write a freeware opensource encryption program. I will advertise only that it will encrypt the contents of "My Documents" so that nobody can decrypt it.

After that my program will print a message about the commercial version having support for de

Defeats the purpose...

So, what exactly does this accomplish? When you use Bittorrent, the protocol both downloads and uploads data at the same time (look up the tit-for-tat policy followed by BT to ensure fairness). If you were in the US, all the RIAA needs to do to sue you is download a single chunk of data from you. They don't need to break your door down and cart the computer away. So, the encryption is moot anyway.

Obstruction of justice

If the cops bust you, and you have an encrypted hard drive and you don't hand over the password, you will be charged with obstruction of justice. The maximum sentence of obstruction of justice is the same as the crime you are trying to avoid. So it really doesn't help you avoid anything.

http://www.ohiobar.org/pub/lycu/index.asp?articlei d=138 [ohiobar.org]

Re:Obstruction of justice

But if the very long and complex password is stored in a file, which doesn't exist, is that obstruction?

Re:Obstruction of justice

Password? Encrypted? Officer, those files aren't encrypted, they are just randomly generated files I made... On a more serious note, it would be a nice safety feature if that when a certain wrong password was typed in, it would show an unencrypted version of something completely legal.

Website Fried

In other news, MySQL is out of memory, and if you click the little help link it provides, it takes you to the best 404 page i've seen. (Click here for direct link [selwerd.nl])

Re:Piracy how-tos?

ummm, are you a moron? Just because it says "torrent" does NOT mean piracy. There are many legitimate uses for bittorrent and many legitimate reason to want to encrypt files....put them together and what do you get? RTFA next time you fucking mpaa monkey.

Blizzard

Shit, you better call up Blizzard quick. They've been using this warez technology to distribute their game patches. Who knew all torrents were illegal!

Douche bag.

Re:Piracy how-tos?

Much is illegal and depending on your ethical belifs much more may be immoral. But do not assume one is a superset/subset of the other. Most you can propably say about it is that they intersect.