Data Storage Encryption Operating Systems Security Networking BSD Hardware

Encrypted Fileserver with Bittorrent Web Interface

Posted by timothy
from the freenetesque dept.
mistermark writes "I built a fully encrypted (samba) fileserver with a web interface for managing torrent downloads on it. All I used is OpenBSD 3.6 and its package collection, except for the TorrentFlux-interface (which you need to install separately). Anyway, it can be built using binary packages only. I included a rough HOWTO on how to make one of these yourself."

  • Nice (Score:5, Funny)

    by slashalive (853666) on Saturday May 07, 2005 @04:34PM (#12463816)
    Now you can seed your secret corporate documents!
  • why? (Score:5, Insightful)

    by Anonymous Coward on Saturday May 07, 2005 @04:36PM (#12463825)
    Pertend I'm stupid, why would I want this?
    • Re:why? (Score:5, Funny)

      by big_groo (237634) <groovis&gmail,com> on Saturday May 07, 2005 @04:46PM (#12463889) Homepage
      Pertend I'm stupid...

      No need.

    • Re:why? (Score:3, Informative)

      by jurt1235 (834677)
      Simple: You have random users which make backups to your machine but don't want anybody else to be able to read these backups.
    • Re:why? (Score:5, Insightful)

      by caluml (551744) <slashdot&spamgoeshere,calum,org> on Saturday May 07, 2005 @05:01PM (#12463969) Homepage
      Yeah, I can't work this out either. The problem with torrents is not storing them safely, or downloading them safely. It's that when you start downloading a file using torrents, your IP address is known by the tracker which gives away the fact you're a downloader.
      Sure, store them on an AES-256 encrypted filesystem, sure, use SSL for the transfer. But it doesn't help the fact that the downloaders/uploaders are known.
      • "But it doesn't help the fact that the downloaders/uploaders are known."

        Would this work if it was used in conjunction with an anonymizing HTTP proxy service? Or freenet?
        • Re:why? (Score:2, Insightful)

          by Elshar (232380)

          I'm pretty sure that no HTTP proxy service would be terribly thrilled should you start hammering their connection with your warez'd bittorrent transfers.

          Not to mention you don't know if they are logging who uses their proxy servers. It wouldn't be hard to track + log connections. And, should they get a subpoena, they WILL relinquish that information.

    • Re:why? (Score:2, Insightful)

      by theraccoon (592935)

      I don't know. TFA says:

      "You at least need to proof the person actually possesses the data and in my case... good luck proofing that."

      Actually... Bittorrent shows who's connected to you, who's uploading to you, and who's downloading from you. Those logs, at least in the good 'ole US of A, are proof enough for God the RIAA to file a lawsuit against you (or as the case may be, your IP address). The RIAA has never had to confiscate a file sharer's HD or computer, but I bet if they did, they could find som

    • why would I want this?

      From the site:

      "Use? Actually, I'm not sure"

      As others have pointed out- wiretaps, "give us the key or you go to jail just as long", as well as simply not unplugging the box...all make this project pretty pointless.

      I also got a kick out of the author bragging, under a screenshot showing links to numerous illegal torrent sites, "that's a legal torrent I'm downloading!" Do these people think they're clever or something?

      • I do believe you are wrong. I don't think the police or anyone can compel you to give them encryption keys. Since they are not physical, but knowledge based, you "giving" them the keys is actually you testifying. The 5th amendment protects you from them forcing you to testify.

        So in the end they can't keep you in jail till you give them the keys. Also, the RIAA surely can't make you tell them.
        • That's a very interesting angle. Although normally we write down our keys some place (one good reason to use a passphrase with your keys). I believe the court can confiscate personal material to use as evidence, for example the court could take your diary and use it. If they can take a diary, they can certainly take an electronic or paper copy of your keys. IANAL so I don't know if the court can compel you to hand over physical evidence, but I think they can.

          So pick a good passphrase and memorize it and don't
  • slashdotted (Score:5, Funny)

    by crazyray (776321) * on Saturday May 07, 2005 @04:37PM (#12463837)
    from the "about" page: Professional co-location was/is out of the question simply because of the costs and I did/do have bigger plans than to be able to host this kind of thing at home. To be honest, if this thing grows any bigger I'll be moving the whole shebang to a datacenter after all... Prices have dropped quite a bit since about two years ago and now. But, until then, all this comes from my server at a friends house where he has an amazing 10mbit up&down.

    Well, I guess he USED to be your friend, until you slashdotted his internet connection....
  • by jurt1235 (834677) on Saturday May 07, 2005 @04:42PM (#12463867) Homepage
    It now looks like a toaster.
  • he would've used usb thumb drive to boot that thing and store the encryption key there.

    Another pitfall is that samba.. not secure.. again, if he'd install vpn server there that would create secured medium for accessing it, would be another story.

    The saddest part probably is that he raped SGI 320 and put AMD in it! just to have cool case for his desktop, seesh, he'd have much more geek respect, by keeping that SGI intact.
  • by Bazman (4849) on Saturday May 07, 2005 @04:45PM (#12463884) Journal
    I'm guessing the encryption password needs to be re-entered on reboot (before mounting the FS, it seems). So if the feds bust in and kick you off your warez box, as long as they don't switch it off, they've got your 0-day filez in the plain. Just dd it all across the network.

    And oh yeah, with SMB as your network file system, is the traffic securely encrypted? Weakest link, and all that...

    Baz

    PS yes, I know you're only doing legal stuff :)
    • TFA suggests you use his cryptfs script thus:

      cryptfs -m Encryption key: secretstring

      Don't forget to zap your .bash_history file afterwards. It's the first place we look.

      Baz
    • Even worse, HE'S DOWNLOADING FROM BITTORRENT. Why would the feds need to bust in? The **AAs will just catch him like every other bt user since the bt protocol itself isn't encrypted. Like any other P2P network, users connect to other users who have the data. Just start downloading a torrent and log everyone's IPs that connect to you.

    • I do not know if Samba supports it, but I know Windows does let you sign traffic that is sent. But I do not think all the traffic can be encrypted. I think you have to be a domain member to encrypt traffic. But I might be wrong.
    • So if the feds bust in and kick you off your warez box, as long as they don't switch it off, they've got your 0-day filez in the plain.

      I've always had the power strip for my box on the floor next to my left foot. If I need to do an emergency power-off cuz the FBI wants to talk to me or because I got some Jenna Jameson on the screen and my boss just walked in, I can hit it in a heartbeat.

      Not that I would ever put myself in a situation like that, but I'd rather be prepared "just in case".
    • >Just dd it all across the network.

      Of course, that's dd from a CD-ROM full of statically linked programs. Investigators shouldn't trust target machines for anything. And if you ever look at a machine that may wind up in court, make sure you don't do anything that writes to the hard disk.

      The Secret Service guidelines for seizing computers say to consult a computer specialist if possible before doing anything, but if there's no specialist to be had they say to yank the power cord.

      Doing investigations ri
  • Big fan... (Score:4, Funny)

    by creimer (824291) on Saturday May 07, 2005 @04:48PM (#12463907) Homepage
    Can anyone identify the size of the fan being used on that server? I'm used to seeing 60mm and 80mm fans but not one that big. (Although when I had an AMD K-5 computer back in 1997, I would open up the case during the summer and use a 20" floor fan to keep it cool.) I think having the front end open like that defeats the purpose of cooling down that many hard drives.
    • Looks like a 120 mm fan to me. They're becoming fairly common now, especially among the silent PC crowd. I even come across 90mm fans now and then...
      • Looks like a 120 mm fan to me. They're becoming fairly common now, especially among the silent PC crowd. I even come across 90mm fans now and then...

        The 90mm fan size was common on IBM power supplies that fit in their full sized AT case. They were huge, about twice the size of our current standard, and typically the cover had a hole cut into it so you could actually use the big ass switch. It was normal for me to see the hole for the big switch on clone power supplies covered with a plate with wires com
    • As everyone else said, 120mm. I've got 2 of them in my case. Why? Because they are bigger, they move more air with less fans (more air/fan), less power, and are typically quieter for the amount of air they move. For my case, I would need to replace my 2 120mm fans with probably 4 80mm fans to get the same CFM. All the while, power and noise will increase (as well as cost).
    • Can anyone identify the size of the fan being used on that server? I'm used to seeing 60mm and 80mm fans but not one that big. (Although when I had an AMD K-5 computer back in 1997, I would open up the case during the summer and use a 20" floor fan to keep it cool.) I think having the front end open like that defeats the purpose of cooling down that many hard drives.

      As others have pointed out, 120mm (4.72 inches). This is pretty much the perfect size to mount in three 5.25 inch bays. I have one mounted on my s
    • Can anyone identify the size of the fan being used on that server? I'm used to seeing 60mm and 80mm fans but not one that big.
      I don't blame you for not knowing, or even for asking when you could quickly have looked it up, but I certainly do blame the idiot moderators that gave you points for the dumb question...

      Beyond 80mm fans, 92 and 120mm fans are common. I have a couple from several years back. I stick with 80mm fans now, for numerous reasons.
    • That's a standard 120mm fan. Useful to get nice airflow without the high-pitched whine of smaller fans. My current desktop has two of those (One in PSU, one on the radiator)
  • by k4_pacific (736911) <k4_pacific@NOspam.yahoo.com> on Saturday May 07, 2005 @04:53PM (#12463934) Homepage Journal
    I built a fully encrypted system once. Even the source was encrypted. Sadly, I lost the key and it was all for naught...
    • by Anonymous Coward
      I want to write a freeware opensource encryption program. I will advertise only that it will encrypt the contents of "My Documents" so that nobody can decrypt it.

      After that my program will print a message about the commercial version having support for decryption and where to send $25.00 via Pay Pal.

  • by Doodhwala (13342) on Saturday May 07, 2005 @04:55PM (#12463943) Homepage
    So, what exactly does this accomplish? When you use Bittorrent, the protocol both downloads and uploads data at the same time (look up the tit-for-tat policy followed by BT to ensure fairness). If you were in the US, all the RIAA needs to do to sue you is download a single chunk of data from you. They don't need to break your door down and cart the computer away. So, the encryption is moot anyway.
  • Mirror? (Score:2, Interesting)

    by Fjornir (516960)
    Site is not responding. Anyone have a mirror? Anyone who happened to read it able to comment on how this compares to Freenet [freenetproject.org] ?
  • by Anonymous Coward on Saturday May 07, 2005 @05:06PM (#12463987)
    If the cops bust you, and you have an encrypted hard drive and you don't hand over the password, you will be charged with obstruction of justice. The maximum sentence of obstruction of justice is the same as the crime you are trying to avoid. So it really doesn't help you avoid anything.

    http://www.ohiobar.org/pub/lycu/index.asp?articleid=138 [ohiobar.org]
    • by fbjon (692006)
      But if the very long and complex password is stored in a file, which doesn't exist, is that obstruction?
    • If the cops bust you, and you have an encrypted hard drive and you don't hand over the password, you will be charged with obstruction of justice.

      And the link you so thoughtfully provided says nothing about forcing someone to testify against themselves, which is what you're talking about.

      Damn, did I just feed a troll?
      • And the link you so thoughtfully provided says nothing about forcing someone to testify against themselves, which is what you're talking about

        You can invoke the fifth amendment while being questioned by the police or testifying before a court. The privilege is pretty much defined as a limited right to remain silent. It does not allow you to obstruct the execution of a lawful search warrant or discovery process without paying a price.

    • I wonder how the data retention^h^h^h^h^h^h^h^h^h deletion policies corporations such as Microsoft have put in place on e-mail would fare in that regard....
    • by Anonymous Coward
      You use the phrase "don't hand over" but this is an oversimplification of a complicated legal issue.
      Let's take two examples.
      Example One
      You say: "Fuck you dirty rat coppers, I have the key and I spit at your entire justice system which I have nothing but contempt for. I have the key and I refuse to give it to you. Go to hell."
      Well, in that case I think you might be right.
      But let's try another instance of "don't hand over" that has different implications.
      Example Two
      You say:
    • by Albinofrenchy (844079) on Saturday May 07, 2005 @06:15PM (#12464287)
      Password? Encrypted? Officer, those files aren't encrypted, they are just randomly generated files I made... On a more serious note, it would be a nice safety feature if, when a certain wrong password was typed in, it would show an unencrypted version of something completely legal.
      • by Anonymous Coward
        That already exists. I forget what it's called, but there's a type of encryption where you actually encrypt two files into one, so if someone forces you to hand over the key, you give them a secondary one which unencrypts the dummy files. Then all they have is, for example, a bunch of fake emails about you cheating on your spouse or something. I mean, if it was just a shopping list, that'd look suspicious, you'd want it to be something that would need to be encrypted, but not of interest to the party forcing
        • But then they would know you were doing that because the plaintext is significantly smaller than the ciphertext.
        • That already exists. I forget what it's called, but there's a type of encryption where you actually encrypt two files into one, so if someone forces you to hand over the key, you give them a secondary one which unencrypts the dummy files.

          I'm not sure if we're thinking of the same project, but the one I knew was called "rubber hose". For a while, it was hosted at www.rubberhose.org, but that site dropped off the net several years ago, and to the best of my knowledge has not reappeared since.

          A fe

      • Fascinating idea but wouldn't do any good.

        Basic crypto says you should expect your opponent to know what algorithm you're using. Even if you do your encryption and decryption in hardware, sooner or later the Polish resistance will capture one of your machines and hand it over to British intelligence.

        So if you have software that hands out bogus plaintext in response to a bogus key, whoever's investigating you will know to ask for BOTH keys.
    • Let me get this straight with another example:

      Cop: "Are you guilty of [crime]?"

      Me: "No!" or

      Me: "..."

      Despite my handsomely elaborate defense, I end up in jail for [crime] with a definitive sentence.

      At that point, the zealous cop shows up and tells me he's also going to charge me with obstruction of justice, because he kindly asked me a question the first time around, and I lied or said nothing?

      You got it backwards, I guess. The suspect is never required to collaborate with his/her prosecutors. They ma

    • If the cops bust you, and you have an encrypted hard drive and you don't hand over the password, you will be charged with obstruction of justice.

      Interesting. I'm curious, by the way. Which country do you live in? The situation you describe is quite different from that in the United States, and I'm curious as to how other cultures and legal systems work.

    • It's a shame the cop doesn't get arrested for obstruction of privacy.
  • Already Been Done (Score:2, Informative)

    by Alien Venom (634222)
    I've already been doing this for quite some time now with Azureus [sourceforge.net], and the Swing Web Interface [sourceforge.net] plugin alongside RSS Feed Scanner [sourceforge.net] plugin (to download TV shows automatically). There's even an IRC bot [sourceforge.net] plugin to allow control over an IRC network/channel.

    Why is my way better? Well, the default BitTorrent client is somewhat lacking feature wise. Azureus is more powerful and gives you more control over what to do with the torrents when they are done downloading. Not to mention the support for trackerless torrent [slashdot.org]
  • by orionware (575549) on Saturday May 07, 2005 @05:21PM (#12464059)
    At first I thought, "wtf good is that?!". I figured it was for the ultra paranoid. Then I realized. He lives in a country where the law has to actually have physical proof of you breaking the law. Here in the US I don't think the feds need to kick in the door and find your mp3s being fed to the world to actually charge you. They just strongarm your ISP for your info.

    The theory in his country being if they can't find anything on your drive, then they can't prove shit.

    Must be nice...
  • by Kinetic (3472)
    It looks like the article is down. As usual, MirrorDot [mirrordot.com] has the mirror available.
    • Looks like the bandwidth is good, too bad mysql couldn't forge past the memory problem.
      Maybe an OS limitation?

      It would be nice to know how to harden a system from slashdotting so that you can optimize the failure to occur in bandwidth, not the system.

      Warning: mysql_connect() [function.mysql-connect]: Can't create a new thread (errno 35). If you are not out of available memory, you can consult the manual for a possible OS-dependent bug in /usr/local/www/textpattern/lib/txplib_db.php on line 15
  • The most educating part of the article is here: function.mysql-connect [selwerd.nl]
    Now watch the server get a real slashdotting from all the refreshes. :P
  • by QBasicer (781745) on Saturday May 07, 2005 @06:52PM (#12464451) Homepage Journal
    In other news, MySQL is out of memory, and if you click the little help link it provides, it takes you to the best 404 page I've seen. (Click here for direct link [selwerd.nl])
