TODO: Difference between revisions
add more notes to the LUKS article |
formatting and such |
||
| Line 9: | Line 9: | ||
** https://cryptpad.fr/pad/#/2/pad/view/v9+28PcpFVoMr4eVf-NpF64Do35ocDL3tQLbaWq2Bfk/ | ** https://cryptpad.fr/pad/#/2/pad/view/v9+28PcpFVoMr4eVf-NpF64Do35ocDL3tQLbaWq2Bfk/ | ||
** NOTES: | ** NOTES: | ||
*** for a bit of context as to why i wanted to write this in the first place, someone asked me "if i want the best security, how do i setup a LUKS partition?" and based on that question, I assume that just telling them "the defaults are fine" would not be a particularly satisfying answer. so i did my best to research everything, and tried to compile an exhaustive list of reasons why the defaults are | *** for a bit of context as to why i wanted to write this in the first place, someone asked me "if i want the best security, how do i setup a LUKS partition?" and based on that question, I assume that just telling them "the defaults are fine" would not be a particularly satisfying answer. so i did my best to research everything, and tried to compile an exhaustive list of reasons why the defaults are OK. i went in assuming that there might be like, some algorithm that has a very strong performance cost for better security, but ultimately concluded, that wasn't really the case . but like , only after trying to understand everything. | ||
*** "a good amount of this information is pulled from [link]" by itself sounds kinda weird, like why should someone read your post instead of just going to that link immediately? perhaps "The [cryptsetup FAQ](...) is a great in-depth resource on all the available security options, but it's pretty long and complex. This post will cover the basics so you can get set up quickly with a reasonably secure system." | *** "a good amount of this information is pulled from [link]" by itself sounds kinda weird, like why should someone read your post instead of just going to that link immediately? perhaps "The [cryptsetup FAQ](...) is a great in-depth resource on all the available security options, but it's pretty long and complex. This post will cover the basics so you can get set up quickly with a reasonably secure system." | ||
*** if your system is starved of entropy, one technique | *** if your system is starved of entropy, one technique I've seen is to use random.org , e.g. <code>curl -Ss <nowiki>https://www.random.org/cgi-bin/randbyte?nbytes=16384&format=f</nowiki> > /dev/random</code> | ||
**** then you should be able to run any programs that would block on /dev/random | **** then you should be able to run any programs that would block on /dev/random | ||
*** you should define what "post quantum resistant" means if you're going to mention it, | *** you should define what "post quantum resistant" means if you're going to mention it, IMO | ||
*** ZFS actually uses an authenticated encryption mode by default ( | *** ZFS actually uses an authenticated encryption mode by default (AES-GCM) which is how it can detect tampering. i think this is what you meant, but saying "XTS vulnerabilities can be mitigated with ZFS or BTRFS" is a little less clear than "XTS has vulnerabilities '''under certain threat models''', such as A, B and C [IMO if you're going to mention this you should also explain what the vulnerabilities are, you can't just drop this with no context]. If you are concerned about these issues, you should use an authenticated encryption mode like AES-GCM, which is unfortunately not available with LUKS due to the additional space needed for the authentication tags, but can be accomplished with a supporting filesystem such as ZFS." | ||
**** i don't remember where i read that " | **** i don't remember where i read that "ZFS and BTRFS will help with the corruption issues of XTS" they may not have even been talking about LUKS directly and i just got confused (it was probably Wikipedia) | ||
*** i guess to expand on this, if you have a good idea of what your target audience is then you should be evaluating everything in the post from that point of view. suppose you are a | *** i guess to expand on this, if you have a good idea of what your target audience is then you should be evaluating everything in the post from that point of view. suppose you are a beginner who doesn't know anything about crypto. "XTS has vulnerabilities" and "AES-256 is post quantum" are meaningless to u without further context. maybe the context for those things isn't the point of the post, but in that case u could maybe link to further resources or have some further explanation in footnotes | ||
* A guide on how to use and navigate around the WIKI would be a very good idea | |||
** maybe also a table of contents or something? | |||
** TBH I'm not entirely sure how wikis are usually structured, maybe something to look into | |||
*** from what i can remember offhand, usually the home page has some links to more specific topics, which then link out to other articles | |||
**** probably there *shouldn't* be an orphaned articles | |||
** we could also figure out if we want to have a more "document" focused theme for desktop like maybe [[mediawikiwiki:BlueSpice|BlueSpice]] | |||
*** if we have something less functional than [[mediawikiwiki:BlueSpice|BlueSpice]] though, we'll want to explain in the guide how to change the default user theme if someone is interested in doing editing | |||
* consider whether guide or documentation is a better word to use | |||
** probably i ended up choosing documentation because R&D ( research and documentation ) was kinda cool but TBH it's also a bit confusing, so guides are probably better | |||
* | |||
* Templates | * Templates | ||
** user profile information template (need to flesh out how this will look) | ** user profile information template (need to flesh out how this will look) | ||
*** should have matrix account | |||
*** should describe teams they are in and what roles they want to play | |||
*** a description of their skills and interests | |||
** TODO item template? probably to gather information from relevant pages but some TODOs will likely not have a page? dunno, something to think about | ** TODO item template? probably to gather information from relevant pages but some TODOs will likely not have a page? dunno, something to think about | ||
** " this page is not yet completed" | ** "this page is not yet completed" / "this page is a draft?" | ||
** " this page is a placeholder " | ** "this page is a placeholder" | ||
** " this page is an accessory to another? " ( maybe see or see also cover this , | ** "this page is an accessory to another?" (maybe see or see also cover this, IDK) | ||
Revision as of 18:40, 19 April 2026
This page is a list of projects currently being worked on and references to relevant information.
- Write a page describing how matrix works, how it relates to FASSAG, and some client quirks to be aware of.
- Maybe these should be separate pages?
- [Thread] consider having a dedicated page to matrix
- [Thread] the matrix.to page is apparently just broken ,,, the icon is just not viewable .
- [Thread] Yeah so it commet receives a thread reply, it inserts the thread parent into the thread body instead of the new thread reply message
- Finish LUKS guide , and probably split it up into simpler and more advanced guides
- https://cryptpad.fr/pad/#/2/pad/view/v9+28PcpFVoMr4eVf-NpF64Do35ocDL3tQLbaWq2Bfk/
- NOTES:
- for a bit of context as to why i wanted to write this in the first place, someone asked me "if i want the best security, how do i setup a LUKS partition?" and based on that question, I assume that just telling them "the defaults are fine" would not be a particularly satisfying answer. so i did my best to research everything, and tried to compile an exhaustive list of reasons why the defaults are OK. i went in assuming that there might be like, some algorithm that has a very strong performance cost for better security, but ultimately concluded, that wasn't really the case . but like , only after trying to understand everything.
- "a good amount of this information is pulled from [link]" by itself sounds kinda weird, like why should someone read your post instead of just going to that link immediately? perhaps "The [cryptsetup FAQ](...) is a great in-depth resource on all the available security options, but it's pretty long and complex. This post will cover the basics so you can get set up quickly with a reasonably secure system."
- if your system is starved of entropy, one technique I've seen is to use random.org , e.g.
curl -Ss https://www.random.org/cgi-bin/randbyte?nbytes=16384&format=f > /dev/random- then you should be able to run any programs that would block on /dev/random
- you should define what "post quantum resistant" means if you're going to mention it, IMO
- ZFS actually uses an authenticated encryption mode by default (AES-GCM) which is how it can detect tampering. i think this is what you meant, but saying "XTS vulnerabilities can be mitigated with ZFS or BTRFS" is a little less clear than "XTS has vulnerabilities under certain threat models, such as A, B and C [IMO if you're going to mention this you should also explain what the vulnerabilities are, you can't just drop this with no context]. If you are concerned about these issues, you should use an authenticated encryption mode like AES-GCM, which is unfortunately not available with LUKS due to the additional space needed for the authentication tags, but can be accomplished with a supporting filesystem such as ZFS."
- i don't remember where i read that "ZFS and BTRFS will help with the corruption issues of XTS" they may not have even been talking about LUKS directly and i just got confused (it was probably Wikipedia)
- i guess to expand on this, if you have a good idea of what your target audience is then you should be evaluating everything in the post from that point of view. suppose you are a beginner who doesn't know anything about crypto. "XTS has vulnerabilities" and "AES-256 is post quantum" are meaningless to u without further context. maybe the context for those things isn't the point of the post, but in that case u could maybe link to further resources or have some further explanation in footnotes
- A guide on how to use and navigate around the WIKI would be a very good idea
- maybe also a table of contents or something?
- TBH I'm not entirely sure how wikis are usually structured, maybe something to look into
- from what i can remember offhand, usually the home page has some links to more specific topics, which then link out to other articles
- probably there *shouldn't* be an orphaned articles
- from what i can remember offhand, usually the home page has some links to more specific topics, which then link out to other articles
- we could also figure out if we want to have a more "document" focused theme for desktop like maybe BlueSpice
- if we have something less functional than BlueSpice though, we'll want to explain in the guide how to change the default user theme if someone is interested in doing editing
- consider whether guide or documentation is a better word to use
- probably i ended up choosing documentation because R&D ( research and documentation ) was kinda cool but TBH it's also a bit confusing, so guides are probably better
- Templates
- user profile information template (need to flesh out how this will look)
- should have matrix account
- should describe teams they are in and what roles they want to play
- a description of their skills and interests
- TODO item template? probably to gather information from relevant pages but some TODOs will likely not have a page? dunno, something to think about
- "this page is not yet completed" / "this page is a draft?"
- "this page is a placeholder"
- "this page is an accessory to another?" (maybe see or see also cover this, IDK)
- user profile information template (need to flesh out how this will look)