class: intro middle # `cryptic`: Encryption and partitioning on Ubuntu Jérémie Astori<br> [@astorije](https://twitter.com/astorije) [LibrePlanet Boston Desktop GNU/Linux Users Group - CryptoParty](https://www.meetup.com/desktop-linux-users-group/events/219275773/)<br> 4 February 2015 <footer> astori.fr/cryptic-cryptoparty </footer> ??? - Name, @astorije on Twitter and GitHub - Work for W3C, where we care a lot about privacy, thanks for the event - cryptic, Simple script to answer a complicated issue I experienced last year - If trouble reading the slides, go to astori.fr. Slides are accessible. --- layout: true class: default <header> <h2>{{ title }}</h2> </header> <footer> astori.fr/cryptic-cryptoparty </footer> --- title: Motivation - <cite>“Full-disk encryption: Very easy to use, no latency, you won't even notice it.”</cite><br> — Bruce Schneier, [NSA Surveillance and What To Do About It](https://notes.astori.fr/nsa-surveillance-and-what-to-do-about-it/) ??? - Last year, talk given by Bruce Schneier, renowned cryptographer, security and privacy specialist - Great! Let's give it a try. - Ubuntu installer: checkbox. Checked, encrypted. -- - Problem: how to split `/` and `/home` into 2 partitions? ??? - I like to keep root and home partitions separate - No option for this in Ubuntu's installer - Long several-page-long tutorials and command line skills required, not trivial -- - What about other OS? - Debian: Already in the installer - Other Unix-like OS: RTFM - Mac OS: The most efficient way to lose your data - Windows: An installer? What is that? ??? - Debian: All set, can be finely tuned up - Other Linux-like OS: Geeky enough to find a solution! - Mac OS: Needs to boot from an encrypted partition to decrypt - Windows: Nobody installs the system -- - Solution: `cryptic`! .mark[*] -- .footnote[.mark[\*] Until it is included in the installer...] ??? `cryptic`, simple / ugly script that does everything.<br> Hopefully, this script will become useless: For encryption to generalize, must be no trade-off between privacy and convenience.<br> Me: 2 partitions over encryption. Most people would make this choice. --- title: Usage - When installing Ubuntu, check *Encrypt the new Ubuntu installation for security* .center.ubuntu_installation_type[] --- count: false title: Usage - When installing Ubuntu, check *Encrypt the new Ubuntu installation for security* - Once Ubuntu is installed, before rebooting, open a terminal and type: ```console wget -N https://astori.fr/cryptic.sh . cryptic.sh ``` ??? 2 lines, very easy: 1. Downloads 2. Runs -- - By default: - `/` gets 20GiB - `/home` gets the rest of the disk --- count: false title: Usage - When installing Ubuntu, check *Encrypt the new Ubuntu installation for security* - Once Ubuntu is installed, before rebooting, open a terminal and type: ```console wget -N https://astori.fr/cryptic.sh . cryptic.sh `42G` ``` - Custom size: - `/` gets **42GiB** - `/home` gets the rest of the disk ??? Custom sizing support exabytes, roughly a million terabytes, ready for the future --- title: Live demo! ??? - Best way to crash a system is to show a live demo on stage - Chose a safer version: a set of screenshots --- count: false class: middle title: Live demo (sort of...) .center[] --- count: false class: middle title: Live demo (sort of...) .center[] ??? Some steps are slow like this one --- count: false class: middle title: Live demo (sort of...) .center[] --- count: false class: middle title: Live demo (sort of...) .center[] --- count: false class: middle title: Live demo (sort of...) .center[] --- count: false class: middle title: Live demo (sort of...) .center[] --- count: false class: middle title: Live demo (sort of...) .center[] ??? fstab == file systems table --- count: false class: middle title: Live demo (sort of...) .center[] ??? - Only took a few minutes - System is now protected and nicely split --- title: Enhancements - Not supported: - Other flavors of Ubuntu - Multi-boot - ... - Not tested on Ubuntu 14.10 - Not so robust - Support other partitioning schemes - Report to the community ??? - No Lubuntu, Xubuntu, ... - Basically only the base scenario is handled - Works on Ubuntu 13.10 and 14.04 LTS - Noticed it breaks on rare occasion - Multiple partitions, fs, mount points, ... - Actually never requested the feature to Canonical/community nor searched if already requested -- To access the documentation, contribute or report a bug: .center[https://github.com/astorije/cryptic] ??? - Will probably not fix the above, pretty stable as is - More features -> More complexity, potential bugs, ... --- title: Restore privacy in Ubuntu Since you are running scripts anyway... ```console wget -q -O - https://fixubuntu.com/fixubuntu.sh | bash ``` .center[https://fixubuntu.com/] ??? - Each time you start typing in the Dash to open an application or search for a file on your computer, your search terms get sent to a variety of third parties, some of which advertise to you. - Open the terminal and run this one-liner to disable the culprits - Pretty sure no one expected a Linux distribution would spy on them --- layout: true class: intro middle --- # Thanks! <footer> astori.fr/cryptic-cryptoparty </footer> ??? - Any questions?