Cryptocrystalline | BSD Now 16

We’ll be showing you how to do a fully-encrypted installation of FreeBSD and OpenBSD. We also have an interview with Damien Miller – one of the lead developers of OpenSSH – about some recent crypto changes in the project. If you’re into data security, today’s the show for you. The latest news and all your burning questions answered, right here on BSD Now – the place to B.. SD.

– Show Notes: –


Secure communications with OpenBSD and OpenVPN

  • Starting off today’s theme of encryption…
  • A new blog series about combining OpenBSD and OpenVPN to secure your internet traffic
  • Part 1 covers installing OpenBSD with full disk encryption (which we’ll be doing later on in the show)
  • Part 2 covers the initial setup of OpenVPN certificates and keys
  • Parts 3 and 4 are the OpenVPN server and client configuration
  • Part 5 is some updates and closing remarks

FreeBSD Foundation Newsletter

  • The December 2013 semi-annual newsletter was sent out from the foundation
  • In the newsletter you will find the president’s letter, articles on the current development projects they sponsor and reports from all the conferences and summits they sponsored
  • The president’s letter alone is worth the read, really amazing
  • Really long, with lots of details and stories from the conferences and projects

Use of NetBSD with Marvell Kirkwood Processors

  • Article that gives a brief history of NetBSD and how to use it on an IP-Plug computer
  • The IP-Plug is a “multi-functional mini-server was developed by Promwad engineers by the order of AK-Systems. It is designed for solving a wide range of tasks in IP networks and can perform the functions of a computer or a server. The IP-Plug is powered from a 220V network and has low power consumption, as well as a small size (which can be compared to the size of a mobile phone charger).”
  • Really cool little NetBSD ARM project with lots of graphs, pictures and details

Experimenting with zero-copy network IO

  • Long blog post from Adrian Chadd about zero-copy network IO on FreeBSD
  • Discusses the different OSes’ implementations and options
  • He’s able to get 35 Gbit/sec out of 70,000 active TCP sockets, but isn’t stopping there
  • Tons of details, check the full post

Interview – Damien Miller – @damienmiller

Cryptography in OpenBSD and OpenSSH

Full disk encryption in FreeBSD & OpenBSD

  • Shows how to install both FreeBSD and OpenBSD with full disk encryption
  • We’ll be using geli and bioctl and doing it step by step

News Roundup

OpenZFS office hours

  • Our buddy George Wilson sat down to take some ZFS questions from the community
  • You can see more info about it here

License summaries in pkgng

  • A discussion between Justin Sherrill and some NYCBUG guys about license frameworks in pkgng
  • Similar to pkgsrc’s “ACCEPTABLE_LICENSES” setting, pkgng could let the user decide which software licenses he wants to allow
  • Maybe we could get a “pkg licenses” command to display the license of all installed packages
  • Ok bapt, do it

4 Responses to “Cryptocrystalline | BSD Now 16”

  1. anon Says:

    Obama on surveillance: “There may be another way of skinning the cat”
    Fri Dec 20, 2013 5:07pm EST

    (Reuters) – As a key part of a campaign to embed encryption software
    that it could crack into widely used computer products, the U.S.
    National Security Agency arranged a secret $10 million contract with
    RSA, one of the most influential firms in the computer security
    industry, Reuters has learned.

    Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a
    “back door” in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.

    Undisclosed until now was that RSA received $10 million in a deal that set the NSA
    formula as the preferred, or default, method for number generation in
    the BSafe software, according to two sources familiar with the contract.
    Although that sum might seem paltry, it represented more than a third
    of the revenue that the relevant division at RSA had taken in during the
    entire previous year, securities filings show.

  2. anon Says:

    RSA, now a subsidiary of computer storage giant EMC Corp, urged customers to stop using the NSA formula after the Snowden disclosures revealed its weakness.

    RSA and EMC declined to answer questions for this story, but RSA said in a
    statement: “RSA always acts in the best interest of its customers and
    under no circumstances does RSA design or enable any back doors in our
    products. Decisions about the features and functionality of RSA products
    are our own.”

    The NSA declined to comment.
    The RSA deal shows one way the NSA carried out what Snowden’s documents
    describe as a key strategy for enhancing surveillance: the systematic
    erosion of security tools. NSA documents released in recent months called for using “commercial relationships” to advance that goal, but did not name any security companies as collaborators.

  3. anon Says:

    An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST’s blessing is required for many products sold to the government and often sets a broader de facto standard.

    RSA’s contract made Dual Elliptic Curve the default option for producing
    random numbers in the RSA toolkit. No alarms were raised, former
    employees said, because the deal was handled by business leaders rather than pure technologists.

    Within a year, major questions were raised about
    Dual Elliptic Curve. Cryptography authority Bruce Schneier wrote that
    the weaknesses in the formula “can only be described as a back door.”

  4. Dan Says:

    Allan! Please stop talking over people! You keep cutting off Kris and even the guests on the shows. Grrr
