Protecting one's data on removable drives

Sunday, January 25, 2009 Posted by Psyk 1 comments
With large-capacity drives and USB sticks getting cheaper for more capacity, the tendency to carry more and more around with you increases. With so much information being digitized, losing a USB key or a small passport-sized backup USB drive would be akin to losing your wallet, keys and credit cards...

Truecrypt

I've been looking at Truecrypt, which is an open-source encryption application that can encrypt entire partitions or drives and/or create a virtual drive as a file on an existing file-system. It has a rich set of encryption algorithms and can also chain them together. For example, it can chain AES256 (Rijndael), Twofish and Serpent, the latter two being finalists for the AES encryption standard. There's plenty of information out there on the strengths of these ciphers, so I won't go into detail here...

However, if you are interested, you can read NIST's entire 116-page report on the AES encryption round and their decision to choose Rijndael. In summary, none of them have any known security attacks, let alone been cracked (it would've never made it this far if it had been cracked before :) ). The strength testing they used was on purposely weakened versions of the algorithms, usually provided by the teams themselves. Twofish and Serpent came out slightly stronger in the 'weakened' versions submitted for analysis, but didn't fare so well in things like implementation (i.e. smartcards, memory footprint for ASIC implementation etc.).

Unfortunately, Truecrypt only comes with packages ready for SuSE and Ubuntu, however the source is available for download.

A guide is available here if you want to build and compile it yourself.
http://arbitness.blogspot.com/2008/07/installing-truecrypt-on-fedora-9-howto.html

There's good information here as well:
http://penguinenclave.blogspot.com/2008/12/truecrypt-61-install-guide-for-fedora.html

However, what is nice is that there are binaries for Fedora available from here:
http://www.lfarkas.org/linux/packages/fedora/9/

Since I run Fedora 9 x86_64 version, there was no binary, so I downloaded the srpm file from here:
http://www.lfarkas.org/linux/packages/fedora/9/SRPMS/

The basic process for building it from SRPM is as follows:

cd ~/rpmbuild/SRPMS

wget -c http://www.lfarkas.org/linux/packages/fedora/9/SRPMS/truecrypt-6.1-1.fc9.src.rpm

rpmbuild --rebuild truecrypt-6.1-1.fc9.src.rpm

cd ~/rpmbuild/RPMS/x86_64/

# Install the binary package that rpmbuild just produced, not the source RPM
su -c "rpm -Uvh truecrypt-6.1-1.fc9.x86_64.rpm"


Truecrypt is easy to use. Once it's up and running it has a GUI for mounting encrypted volumes and for creating them. Refer to the documentation at Truecrypt's website.

PGP and GnuPG

Finally, the other method I use is PGP, or the Linux implementation of it called GPG.

I've primarily been looking at GPG to do symmetric cipher encryption on a single file, which basically asks for a passphrase prior to encryption. You then just need the passphrase to decrypt the file. Not as secure as using public/private key encryption of course...
gpg -v --cipher-algo TWOFISH --symmetric --output <encrypted file> <name of file you want encrypted>

GPG defaults to 'CAST5' (or CAST-128) so I've forced it to use TWOFISH in this implementation. GPG supports a few ciphers, and you can check what's available on your system by running 'gpg --version'.
$ gpg --version
gpg (GnuPG) 1.4.9
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


The best way to change which cipher algorithm is used is to edit the ~/.gnupg/gpg.conf file and add the following items at the end. Setting the 'personal-cipher-preferences' option as shown makes TWOFISH the cipher to use first.
personal-cipher-preferences TWOFISH AES256 AES192 AES BLOWFISH CAST5 3DES
personal-digest-preferences SHA256 SHA1 SHA512 SHA384 SHA224 RIPEMD160 MD5
personal-compress-preferences ZIP ZLIB BZIP2 Z0  

You probably don't need to adjust the digest-preferences unless you're wanting to use it with private/public keys etc.
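As an added example (not part of the original post), the script below lints the preference lists in a gpg.conf: it reports the first choice on each line and flags legacy algorithms that are ranked above stronger ones. The LEGACY classification (64-bit block ciphers, MD5, SHA1) and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): lint the preference lists in a
# gpg.conf. LEGACY is this example's own classification: 64-bit block ciphers
# and the collision-weak digests MD5 and SHA1.
LEGACY=" 3DES CAST5 BLOWFISH IDEA MD5 SHA1 "

# first_pref FILE OPTION -> first algorithm on the uncommented OPTION line
first_pref() {
    awk -v opt="$2" '$1 == opt { print toupper($2); exit }' "$1"
}

# misordered FILE OPTION -> legacy algorithms ranked above a stronger one
misordered() {
    awk -v opt="$2" -v legacy="$LEGACY" '
        $1 == opt {
            for (i = 2; i <= NF; i++) {
                a = toupper($i)
                if (index(legacy, " " a " ")) pending = pending " " a
                else if (pending != "") { bad = bad pending; pending = "" }
            }
            sub(/^ /, "", bad); print bad; exit
        }' "$1"
}

# audit_gpg_conf FILE -> one report line per preference option
audit_gpg_conf() {
    for opt in personal-cipher-preferences personal-digest-preferences; do
        first=$(first_pref "$1" "$opt")
        bad=$(misordered "$1" "$opt")
        case "$LEGACY" in
            *" ${first:-none} "*) verdict="WEAK first choice" ;;
            *) verdict="ok" ;;
        esac
        if [ -z "$first" ]; then verdict="unset, gpg's built-in default applies"; fi
        if [ -n "$bad" ]; then verdict="$verdict; ranked above stronger: $bad"; fi
        echo "$opt: ${first:-<unset>} [$verdict]"
    done
}

# Demo on the two preference lines shown above, written to a temporary file.
demo=$(mktemp)
cat > "$demo" <<'EOF'
personal-cipher-preferences TWOFISH AES256 AES192 AES BLOWFISH CAST5 3DES
personal-digest-preferences SHA256 SHA1 SHA512 SHA384 SHA224 RIPEMD160 MD5
EOF
audit_gpg_conf "$demo"
rm -f "$demo"
```

Run against the lines above, it accepts the cipher list and notes that SHA1 is ranked above SHA512 in the digest list.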

To decrypt you would just type:
gpg <name of encrypted file>


If you want to encrypt multiple files, it's a lot easier to zip or tar them and then encrypt the final compressed file.

Windows users can use the win32 implementation of GnuPG available from here:
http://www.pgpi.org/download/gnupg/

A GUI front-end to GPG called WinPT is available from here:
http://winpt.gnupt.de/int/

Otherwise PGP is compatible.
http://www.pgp.com/downloads/desktoptrial/desktoptrial2.html#trial_or_freeware

Quick update: Truecrypt is now available for Fedora 11, under the name Realcrypt, from the rpmfusion repositories. Make sure you have rpmfusion enabled and then install via yum.

yum install realcrypt

Mediatomb and the PS3 with mencoder

Wednesday, January 07, 2009 Posted by Psyk 7 comments


After some mucking around, I'm successfully streaming from my Fedora/Linux PC to the PS3 over wireless.

A great guide to get this going is from the mediatomb website and more specifically the transcoding section:

http://mediatomb.cc/dokuwiki/transcoding:transcoding

Take note to adjust your config.xml.

The site describes using ffmpeg and/or VLC as the transcoding engine, but I've always liked mencoder as I'm more familiar with it and have a lot of profiles defined already in ~/.mplayer/mencoder.conf.

In regards to the mediatomb config.xml file (located at ~/.mediatomb/config.xml), like with most things, it needs to be heavily customised. I have a stack of AVIs that aren't in DivX/XviD format (which is what mediatomb tells the PS3 by default) and I have some AVI files which ffmpeg borks on... however, mencoder works very well on all these files. As a result, I transcode everything rather than pass the DivX/XviD to the PS3 - and surprisingly it streams well over wireless.

So here's the "~/bin/mencoder-tr" script I use that mediatomb calls to transcode the videos from the PC to a format the PS3 can understand. In this case I'm transcoding to a DVD compliant MPEG2 stream and AC3 audio in 720x576 format:
#!/bin/sh
# $1 = input file, $2 = output path (both supplied by mediatomb)
exec mencoder \
-oac lavc -ovc lavc \
-of mpeg \
-mpegopts format=dvd:tsaf \
-vf softskip,scale=720:576,hqdn3d,harddup \
-srate 48000 \
-af lavcresample=48000:volnorm=2 \
-ofps 25 \
-lavcopts vcodec=mpeg2video:vrc_buf_size=1835:vrc_maxrate=5120:vstrict=0:keyint=15:vbitrate=5120:acodec=ac3:abitrate=192:autoaspect \
"$1" -o "$2"
The "$1" and "$2" are the script's positional parameters; they receive the %in and %out arguments that mediatomb passes to the agent command...

Lastly, I have the following "transcoding" section in my "~/.mediatomb/config.xml" file:
<transcoding enabled="yes">
<mimetype-profile-mappings>
<transcode mimetype="audio/mpeg" using="vlcwav"/>
<transcode mimetype="video/x-flv" using="transvideo"/>
<transcode mimetype="video/mp4" using="transvideo"/>
<transcode mimetype="video/x-quicktime" using="transvideo"/>
<transcode mimetype="application/ogg" using="vlcwav"/>
<transcode mimetype="audio/x-ms-wma" using="vlcwav"/>
<transcode mimetype="audio/x-ms-asf" using="vlcwav"/>
<transcode mimetype="audio/x-flac" using="ffmpegwav"/>
<transcode mimetype="audio/x-aac" using="vlcwav"/>
<transcode mimetype="audio/mp4" using="vlcwav"/>
<transcode mimetype="video/x-msvideo" using="transvideo"/>
<transcode mimetype="video/x-ms-wmv" using="transvideo"/>
<transcode mimetype="video/mpeg" using="mpeg2trans"/>
<transcode mimetype="video/x-matroska" using="transvideo"/>
<transcode mimetype="image/jpeg" using="rescalejpeg"/>
</mimetype-profile-mappings>
<profiles>
<profile name="transvideo" enabled="yes" type="external">
<mimetype>video/mpeg</mimetype>
<accept-url>no</accept-url>
<first-resource>yes</first-resource>
<agent command="mencoder-tr" arguments="%in %out"/>
<buffer size="10485760" chunk-size="262144" fill-size="524288"/>
</profile>
<profile name="mpeg2trans" enabled="yes" type="external">
<mimetype>video/mpeg</mimetype>
<accept-url>no</accept-url>
<first-resource>yes</first-resource>
<hide-original-resource>yes</hide-original-resource>
<agent command="mencoder-tr" arguments="%in %out"/>
<buffer size="28800000" chunk-size="512000" fill-size="120000"/>
</profile>
<profile name="ffmpegwav" enabled="yes" type="external">
<use-chunked-encoding>no</use-chunked-encoding>
<mimetype>audio/wav</mimetype>
<accept-url>no</accept-url>
<first-resource>yes</first-resource>
<agent command="ffmpegaudio" arguments="%in %out"/>
<buffer size="1048576" chunk-size="131072" fill-size="262144"/>
</profile>
<profile name="vlcwav" enabled="yes" type="external">
<use-chunked-encoding>no</use-chunked-encoding>
<mimetype>audio/wav</mimetype>
<accept-url>yes</accept-url>
<first-resource>yes</first-resource>
<agent command="vlc" arguments="-I dummy %in --sout #transcode{acodec=s16l,ab=192,channels=2}:standard{access=file,mux=wav,dst=%out} vlc:quit"/>
<buffer size="512000" chunk-size="32000" fill-size="64000"/>
</profile>
<profile name="rescalejpeg" enabled="yes" type="external">
<mimetype>image/jpeg</mimetype>
<accept-url>no</accept-url>
<first-resource>yes</first-resource>
<accept-ogg-theora>no</accept-ogg-theora>
<agent command="convert" arguments="-size 1080x720 %in -auto-orient -resize 1080x720 +profile '*' %out"/>
<buffer size="50000" chunk-size="100" fill-size="100"/>
</profile>
</profiles>
</transcoding>



Note the "mencoder-tr" entries, which allow mediatomb to execute the required script to perform the transcoding.

The advantage of this method is that mencoder's engine can read pretty much any format and convert it to any other format, in this case a standard DVD MPEG stream.

As requested, here is my entire ~/.mediatomb/config.xml

<?xml version="1.0" encoding="UTF-8"?>
<config version="1" xmlns="http://mediatomb.cc/config/1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://mediatomb.cc/config/1 http://mediatomb.cc/config/1.xsd">
<server>
<ui enabled="yes">
<accounts enabled="no" session-timeout="30">
<account user="mediatomb" password="mediatomb"/>
</accounts>
</ui>
<name>MediaTomb</name>
<udn>uuid:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</udn>
<home>/home/xxxxxxxxxxxxx</home>

<webroot>/usr/share/mediatomb/web</webroot>
<storage>
<sqlite3 enabled="yes">
<database-file>mediatomb.db</database-file>
</sqlite3>
<mysql enabled="no">
<host>localhost</host>
<username>mediatomb</username>
<database>mediatomb</database>
</mysql>
</storage>
<protocolInfo extend="yes"/>
</server>
<import hidden-files="no">
<scripting script-charset="UTF-8">
<common-script>/usr/share/mediatomb/js/common.js</common-script>
<playlist-script>/usr/share/mediatomb/js/playlists.js</playlist-script>
<virtual-layout type="builtin">
<import-script>/usr/share/mediatomb/js/import.js</import-script>
</virtual-layout>
</scripting>
<mappings>
<extension-mimetype ignore-unknown="no">
<map from="mp3" to="audio/mpeg"/>
<map from="ogg" to="application/ogg"/>
<map from="asf" to="video/x-ms-asf"/>
<map from="asx" to="video/x-ms-asf"/>
<map from="wma" to="audio/x-ms-wma"/>
<map from="wax" to="audio/x-ms-wax"/>
<map from="wmv" to="video/x-ms-wmv"/>
<map from="wvx" to="video/x-ms-wvx"/>
<map from="wm" to="video/x-ms-wm"/>
<map from="wmx" to="video/x-ms-wmx"/>
<map from="m3u" to="audio/x-mpegurl"/>
<map from="pls" to="audio/x-scpls"/>
<map from="ts" to="video/mpeg"/>
<map from="vob" to="video/mpeg"/>
<map from="wav" to="audio/wav"/>
<map from="mpg" to="video/mpeg"/>
<map from="aac" to="audio/x-aac"/>
<map from="m4a" to="audio/mp4"/>
<map from="mkv" to="video/x-matroska"/>
<map from="mov" to="video/x-quicktime"/>
<map from="flv" to="video/x-flv"/>
<map from="divx" to="video/x-divx"/>
</extension-mimetype>
<mimetype-upnpclass>
<map from="audio/*" to="object.item.audioItem.musicTrack"/>
<map from="video/*" to="object.item.videoItem"/>
<map from="image/*" to="object.item.imageItem"/>
</mimetype-upnpclass>
<mimetype-contenttype>
<treat mimetype="audio/mpeg" as="mp3"/>
<treat mimetype="application/ogg" as="ogg"/>
<treat mimetype="audio/x-flac" as="flac"/>
<treat mimetype="image/jpeg" as="jpg"/>
<treat mimetype="audio/x-mpegurl" as="playlist"/>
<treat mimetype="audio/x-scpls" as="playlist"/>
<treat mimetype="audio/x-wav" as="pcm"/>
<treat mimetype="audio/L16" as="pcm"/>
</mimetype-contenttype>
</mappings>
</import>
<transcoding enabled="yes">
<mimetype-profile-mappings>
<transcode mimetype="audio/mpeg" using="vlcwav"/>
<transcode mimetype="video/x-flv" using="transvideo"/>
<transcode mimetype="video/mp4" using="transvideo"/>
<transcode mimetype="video/x-quicktime" using="transvideo"/>
<transcode mimetype="application/ogg" using="vlcwav"/>
<transcode mimetype="audio/x-ms-wma" using="vlcwav"/>
<transcode mimetype="audio/x-ms-asf" using="vlcwav"/>
<transcode mimetype="audio/x-flac" using="ffmpegwav"/>
<transcode mimetype="audio/x-aac" using="vlcwav"/>
<transcode mimetype="audio/mp4" using="vlcwav"/>
<transcode mimetype="video/x-msvideo" using="transvideo"/>
<transcode mimetype="video/x-ms-wmv" using="transvideo"/>
<transcode mimetype="video/mpeg" using="mpeg2trans"/>
<transcode mimetype="video/x-matroska" using="transvideo"/>
<transcode mimetype="image/jpeg" using="rescalejpeg"/>
</mimetype-profile-mappings>
<profiles>
<profile name="transvideo" enabled="yes" type="external">
<mimetype>video/mpeg</mimetype>
<accept-url>no</accept-url>
<first-resource>yes</first-resource>
<agent command="mencoder-tr" arguments="%in %out"/>
<buffer size="10485760" chunk-size="262144" fill-size="524288"/>
</profile>
<profile name="mpeg2trans" enabled="yes" type="external">
<mimetype>video/mpeg</mimetype>
<accept-url>no</accept-url>
<first-resource>yes</first-resource>
<hide-original-resource>yes</hide-original-resource>
<agent command="mencoder-tr" arguments="%in %out"/>
<buffer size="28800000" chunk-size="512000" fill-size="120000"/>
</profile>
<profile name="ffmpegwav" enabled="yes" type="external">
<use-chunked-encoding>no</use-chunked-encoding>
<mimetype>audio/wav</mimetype>
<accept-url>no</accept-url>
<first-resource>yes</first-resource>
<agent command="ffmpegaudio" arguments="%in %out"/>
<buffer size="1048576" chunk-size="131072" fill-size="262144"/>
</profile>
<profile name="vlcwav" enabled="yes" type="external">
<use-chunked-encoding>no</use-chunked-encoding>
<mimetype>audio/wav</mimetype>
<accept-url>yes</accept-url>
<first-resource>yes</first-resource>
<agent command="vlc" arguments="-I dummy %in --sout #transcode{acodec=s16l,ab=192,channels=2}:standard{access=file,mux=wav,dst=%out} vlc:quit"/>
<buffer size="512000" chunk-size="32000" fill-size="64000"/>
</profile>
<profile name="rescalejpeg" enabled="yes" type="external">
<mimetype>image/jpeg</mimetype>
<accept-url>no</accept-url>
<first-resource>yes</first-resource>
<accept-ogg-theora>no</accept-ogg-theora>
<agent command="convert" arguments="-size 1080x720 %in -auto-orient -resize 1080x720 +profile '*' %out"/>
<buffer size="50000" chunk-size="100" fill-size="100"/>
</profile>
<profile name="vlcyoutube" enabled="no" type="external">
<mimetype>video/mpeg</mimetype>
<accept-url>yes</accept-url>
<first-resource>yes</first-resource>
<accept-ogg-theora>yes</accept-ogg-theora>
<agent command="vlc" arguments="-I dummy %in --sout #transcode{vcodec=mp2v,vb=4096,canvas-width=448,canvas-height=252,acodec=mpga,ab=64,samplerate=44100,channels=1}:standard{access=file,mux=ts,dst=%out} vlc:quit"/>
<buffer size="14400000" chunk-size="256000" fill-size="80000"/>
</profile>
</profiles>
</transcoding>
</config>


Note the bold and italicized regions (the "udn" and "home" values). The home designation should be your "/home/(username)/.mediatomb" directory, and the uuid is a unique 32-character alphanumeric string.

Lastly, my config.xml probably needs a lot of cleaning up also. I basically heavily modified the one available from the mediatomb website and didn't go and clean it up. For example, I could probably delete the "vlcyoutube" transcoding trigger as I'm using the transvideo one instead.
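An added check, not part of the original post, for two things visible in the config above: the web UI is enabled while accounts are disabled, and the transcoding agents are named by bare command. The function names are hypothetical, and the sample input is a constructed excerpt that reuses values shown above plus one constructed absolute-path agent.

```shell
#!/bin/sh
# Added example (not from the original post): audit a MediaTomb config.xml.

# attr FILE TAG NAME -> value of attribute NAME on the first <TAG ...> element
attr() {
    sed -n "s/.*<$2 [^>]*$3=\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# audit_mediatomb FILE -> prints FINDING and NOTE lines
audit_mediatomb() {
    if [ "$(attr "$1" ui enabled)" = yes ] &&
       [ "$(attr "$1" accounts enabled)" != yes ]; then
        echo "FINDING: web UI is enabled but accounts are disabled (no login)"
    fi
    # An <account> whose password equals its user name, as in the config above.
    if grep -q '<account [^>]*user="\([^"]*\)"[^>]*password="\1"' "$1"; then
        echo "FINDING: an account uses its user name as the password"
    fi
    # External programs the server runs when a client requests a transcode.
    sed -n 's/.*<agent [^>]*command="\([^"]*\)".*/\1/p' "$1" | sort -u |
    while read -r cmd; do
        case $cmd in
            /*) echo "NOTE: agent $cmd (absolute path)" ;;
            *)  echo "NOTE: agent $cmd is looked up in the server's PATH" ;;
        esac
    done
}

# Demo on a constructed excerpt (the /usr/bin/vlc line is made up).
demo=$(mktemp)
cat > "$demo" <<'EOF'
<ui enabled="yes">
<accounts enabled="no" session-timeout="30">
<account user="mediatomb" password="mediatomb"/>
</accounts>
</ui>
<agent command="mencoder-tr" arguments="%in %out"/>
<agent command="/usr/bin/vlc" arguments="-I dummy %in"/>
EOF
audit_mediatomb "$demo"
rm -f "$demo"
```

Enabling accounts with a non-default password, or turning the UI off once the library is imported, clears the first two findings; giving the agent an absolute path removes the dependence on the PATH the server was started with.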