Hi all
I am currently using various puppy's as thin clients (working totally in ram) from multi session DVDs, which allows me to use my desktop and settings on any PC.
Is there any way to password protect/encrypt the DVDs so that they would be useless to anyone else? (even if they looked at the DVDs from puppy or another OS) but still allow them to boot normally (apart from having to enter a password)
any ideas/help would be greatly appreciated
Stripe
Encrypting a multisession dvd
Interesting problem. Here are some thoughts. Or rather, wild guesses.
As a general approach, I suppose each session would have to be encrypted, either in one lump before it is saved, or on the fly, as it is written to the DVD.
It seems to me that encrypting the original session which contains the Puppy iso would cause great difficulty, but there's no need to encrypt the first session anyway, as it only contains the Puppy iso, which is already available to anyone who wants it. All that really needs to be encrypted is the contents of subsequent sessions. They contain the programs and settings which customize your Puppy, and anything else you've saved. So, how to encrypt those sessions, or which of several approaches might work best, and how to decrypt them when they are loaded into RAM, is the problem.
After isolinux (I think that's what the small Linux that loads first is called) loads the first (unencrypted) session into RAM from the DVD, loading the encrypted sessions from the DVD into RAM would require isolinux to run the decryption program as it reads them from the DVD. I suppose that could be done, but it means that isolinux would have to know when to run the decryption program. As each session is read from the DVD, it would be decryped on the fly by isolinux as it is loaded into RAM.
An identical encryption program would have to be in Puppy after it is running in RAM. This encryption program would be used to encrypt the sessions before they are burned onto the DVD. But that encryption program doesn't have to be in the original Puppy iso. It can be in one of the saved sessions.
As a general approach, I suppose each session would have to be encrypted, either in one lump before it is saved, or on the fly, as it is written to the DVD.
It seems to me that encrypting the original session which contains the Puppy iso would cause great difficulty, but there's no need to encrypt the first session anyway, as it only contains the Puppy iso, which is already available to anyone who wants it. All that really needs to be encrypted is the contents of subsequent sessions. They contain the programs and settings which customize your Puppy, and anything else you've saved. So, how to encrypt those sessions, or which of several approaches might work best, and how to decrypt them when they are loaded into RAM, is the problem.
After isolinux (I think that's what the small Linux that loads first is called) loads the first (unencrypted) session into RAM from the DVD, loading the encrypted sessions from the DVD into RAM would require isolinux to run the decryption program as it reads them from the DVD. I suppose that could be done, but it means that isolinux would have to know when to run the decryption program. As each session is read from the DVD, it would be decryped on the fly by isolinux as it is loaded into RAM.
An identical encryption program would have to be in Puppy after it is running in RAM. This encryption program would be used to encrypt the sessions before they are burned onto the DVD. But that encryption program doesn't have to be in the original Puppy iso. It can be in one of the saved sessions.
In case of loss, how do I protect information
Read your OP. It is very interesting indeed. Never have thought about what I would do if I lost my "Grand Funk Railroad" CD? How would I stop someone from watching it?
I know this is NOT about music CDs, but what you ask is how to protect removalble Live media from use.
So, I'm not sure, but did I remember that GRUB2/GRUB4DOS had the ability to read/boot encrypted? I do remember password protection, but, seems I read somewhere about booting encrypted "something???"
Hope this helps.
I know this is NOT about music CDs, but what you ask is how to protect removalble Live media from use.
So, I'm not sure, but did I remember that GRUB2/GRUB4DOS had the ability to read/boot encrypted? I do remember password protection, but, seems I read somewhere about booting encrypted "something???"
Hope this helps.
Last edited by gcmartin on Thu 09 Jun 2011, 15:17, edited 1 time in total.
Concerned about the OP question
I have used PXES for many, many years. IT IS, to me, THE BEST x86 THIN CLIENT OS on the landscape.
I have never ever has a user need to save stuff on the desktop? Are you using Puppy to be a Thin Client where it only boots to a lock-down application for accessing your remote systems?
Let's us know. Because, if not, this is not a thin client.
Further, what systems are you connecting your thin clients to (Microsoft/LTSP/Citrix/HP/AIX/IBM mainframe...which)?
If you are wondering why I'm asking, its because I trying to understand what data you are most concerned abouit.
I have never ever has a user need to save stuff on the desktop? Are you using Puppy to be a Thin Client where it only boots to a lock-down application for accessing your remote systems?
Let's us know. Because, if not, this is not a thin client.
Further, what systems are you connecting your thin clients to (Microsoft/LTSP/Citrix/HP/AIX/IBM mainframe...which)?
If you are wondering why I'm asking, its because I trying to understand what data you are most concerned abouit.
Hi all
flash and gcmartin, thanks for some great ideas on the encryption of a multisession dvd I will look into them
Thanks
At the moment I am saving files that I may need elswhere/often to the dvd using Bcrypt or if it is a directory compressing it to tar.gz then encrypting it. (have not found how to encrypt a directory with bcrypt yet.) if it is a large file/directory I usualy save it to a seperate usb drive and encrypt it there. (so it dosnt get loaded into ram at boot up which is useful on ram limited hardware) also I have a mobile swap partition on the usb as well (again for using limited hardware/non linux systems without having to use a hard drive)
I always try to use puppy totaly in ram (for security and performance) without using a hard drive, (I thought this was a type of thin client, if not sorry for the confusion)
I run puppy as a live dvd (but with the exeption of a couple of save files so that my desktop preferences/installed software are loaded at boot) and I can quit any session without saving so that I can still boot to "my desktop" in its pristene state.
The main problem is that in our house me, my wife and daughter all use our own multisession dvd's so there is no arguments about who is on what machine, I am just trying to improve the security/privacy so nobody can use/read anyone elses dvd
sorry for the long post and hope this makes it a bit clearer
stripe
flash and gcmartin, thanks for some great ideas on the encryption of a multisession dvd I will look into them
Thanks
At the moment I am saving files that I may need elswhere/often to the dvd using Bcrypt or if it is a directory compressing it to tar.gz then encrypting it. (have not found how to encrypt a directory with bcrypt yet.) if it is a large file/directory I usualy save it to a seperate usb drive and encrypt it there. (so it dosnt get loaded into ram at boot up which is useful on ram limited hardware) also I have a mobile swap partition on the usb as well (again for using limited hardware/non linux systems without having to use a hard drive)
I always try to use puppy totaly in ram (for security and performance) without using a hard drive, (I thought this was a type of thin client, if not sorry for the confusion)
I run puppy as a live dvd (but with the exeption of a couple of save files so that my desktop preferences/installed software are loaded at boot) and I can quit any session without saving so that I can still boot to "my desktop" in its pristene state.
The main problem is that in our house me, my wife and daughter all use our own multisession dvd's so there is no arguments about who is on what machine, I am just trying to improve the security/privacy so nobody can use/read anyone elses dvd
sorry for the long post and hope this makes it a bit clearer
stripe
Thanks @Stripe for clarifying your need.
Your use of Puppy is in its full distro mode. This is NOT a thin-client which technically means something completely different.
Yes, your use of Puppy is well understood. And, I have been running this way for all PUPs (i.e. Live media, usb/hdd SWAP, saving sessions back to Live media.)
I don't have the talents to modify PUPs as your needs request. But, here's a thought (I have used this for other additional directory needs on the Live media). If you
Just a thought that might help for your LIve media needs I'm sure others will recommend alternatives. OR PUP may very well have a mechanism for addressing this encryption need now that we know what you are attempting.
Hope this helps.
Your use of Puppy is in its full distro mode. This is NOT a thin-client which technically means something completely different.
Yes, your use of Puppy is well understood. And, I have been running this way for all PUPs (i.e. Live media, usb/hdd SWAP, saving sessions back to Live media.)
I don't have the talents to modify PUPs as your needs request. But, here's a thought (I have used this for other additional directory needs on the Live media). If you
- create an encrypted directory chain, either, in PUP's filesystem or on HDD/USB/NAS
- Use that directory for saving your personal needs
- Before shutdown, use growisofs to write/rewrite the folder to your Live media
Just a thought that might help for your LIve media needs I'm sure others will recommend alternatives. OR PUP may very well have a mechanism for addressing this encryption need now that we know what you are attempting.
Hope this helps.
Stripe wrote:Hi all
At the moment I am saving files that I may need elswhere/often to the dvd using Bcrypt or if it is a directory compressing it to tar.gz then encrypting it. (have not found how to encrypt a directory with bcrypt yet.)
stripe
I don't think bcrypt will password protect directories that's why jamesbond and myself developed FolderEnc. Mind you, most of the credit goes to jamesbond.
http://www.smokey01.com/pets/FolderEnc-1.0.pet
Install the PET, Right click on a directory, Add encryption select type, type password twice, then click OK. Now your directory is encrypted. To hide access you close it. When it's closed, you can open it. Don't lose your password as there is no back door. If you want, you can even remove the encryption when it in the open state. All done with the right mouse key.
Enjoy.
Last edited by smokey01 on Sat 11 Jun 2011, 08:28, edited 1 time in total.
Stripe, once you get the contents of a directory encrypted in RAM or on a HD, there is a way to save that directory onto your multisession DVD as a separate session which is not loaded when Puppy boots but is visible by mounting the DVD after Puppy boots (it shows as a directory in ROX when you mount the multisession DVD). You can even add stuff to the directory by using the same name for a subsequent directory which you save to the multisession DVD. When you use the same name, it only shows up as one directory when you mount the DVD, with everything in it that you've saved in all the sessions with the same name. I hope that makes sense. Try it on a rewritable DVD is the best way to see how it works.
See here and here for details.
I don't see why the encryption program wouldn't work to decrypt the contents of the encrypted session.
See here and here for details.
I don't see why the encryption program wouldn't work to decrypt the contents of the encrypted session.
Hi all
@smokey01, thanks for the link to the pet it seems to work great, thank you
@Flash, that looks like you have solved my main problems, with the new saved file/directory not loading at boot up it still alows for the maximum possible use of the available ram on limited hardware. I will try your method and report back.
thanks again everybody
stripe
@smokey01, thanks for the link to the pet it seems to work great, thank you
@Flash, that looks like you have solved my main problems, with the new saved file/directory not loading at boot up it still alows for the maximum possible use of the available ram on limited hardware. I will try your method and report back.
thanks again everybody
stripe