1
00:00:07,640 --> 00:00:08,680
OK, so…

2
00:00:08,720 --> 00:00:12,320
The normal way to actually encrypt the hard drive is already standard,

3
00:00:12,360 --> 00:00:16,000
and you use it by using LUKS - it’s called “LUKS”, for some reason.

4
00:00:17,280 --> 00:00:20,000
And the problem is that when you boot it, it looks like this.

5
00:00:20,960 --> 00:00:25,680
Actually in text mode, nowadays it’s all graphical and stuff, but in text mode it looks like this.

6
00:00:26,920 --> 00:00:27,720
And,

7
00:00:27,760 --> 00:00:29,240
let’s see now, OK.

8
00:00:34,000 --> 00:00:35,400
O…K.

9
00:00:37,000 --> 00:00:38,000
Now,

10
00:00:38,040 --> 00:00:42,520
normally, on the computer’s hard drive, it looks like this: You have a boot partition, which is unencrypted,

11
00:00:42,560 --> 00:00:44,800
and the rest is encrypted.

12
00:00:45,400 --> 00:00:48,280
That is, if you installed with encryption as I showed you before,

13
00:00:48,320 --> 00:00:51,480
in only one step, also in Ubuntu actually.

14
00:00:52,600 --> 00:00:54,000
In Ubuntu you have to

15
00:00:54,040 --> 00:00:54,920
pick

16
00:00:54,960 --> 00:01:00,960
either the “Alternate” install CD or the “Text mode” install, but not the graphical install, but then you can choose it in one step.

17
00:01:01,000 --> 00:01:01,520
Anyway,

18
00:01:01,560 --> 00:01:02,280
now you get…

19
00:01:02,320 --> 00:01:04,680
In that case you get this type of thing.

20
00:01:05,720 --> 00:01:07,320
Um…

21
00:01:07,360 --> 00:01:08,720
In the Mandos system

22
00:01:08,760 --> 00:01:11,320
we add a small OpenPGP key

23
00:01:11,360 --> 00:01:13,560
on the unencrypted partition.

24
00:01:14,880 --> 00:01:16,440
Then we have the Mandos server,

25
00:01:16,480 --> 00:01:17,960
on the same local network.
26
00:01:18,840 --> 00:01:19,760
And,

27
00:01:19,800 --> 00:01:21,280
at boot,

28
00:01:22,760 --> 00:01:24,360
It sends,

29
00:01:24,960 --> 00:01:26,920
or it connects

30
00:01:26,960 --> 00:01:27,520
from the…

31
00:01:27,560 --> 00:01:30,240
a small client program,

32
00:01:30,280 --> 00:01:32,680
and connects via TLS, encrypted,

33
00:01:32,720 --> 00:01:36,280
using the OpenPGP key, to the Mandos server over the local network.

34
00:01:37,400 --> 00:01:41,080
The server looks up the fingerprint of the OpenPGP key,

35
00:01:41,120 --> 00:01:42,760
in a list it has.

36
00:01:42,800 --> 00:01:47,800
“OK”, it says, “Ooh, it’s this fingerprint, I should send this binary mysterious blob to the client.”,

37
00:01:47,840 --> 00:01:48,920
and it does so.

38
00:01:51,200 --> 00:01:52,320
So,

39
00:01:52,360 --> 00:01:54,640
the OpenPGP key, then,

40
00:01:54,680 --> 00:01:57,080
is used to decrypt this blob

41
00:01:57,120 --> 00:01:58,400
into a password,

42
00:01:58,440 --> 00:02:01,240
and the password is then used to decrypt

43
00:02:01,280 --> 00:02:06,320
the encrypted hard drive, which is the real hard drive which is used to boot the rest of the system.

44
00:02:08,160 --> 00:02:10,640
So, yeah, that’s the basic design.

45
00:02:12,440 --> 00:02:13,840
Hmm, I want to take some of this.

46
00:02:13,880 --> 00:02:14,400
Oh yeah,

47
00:02:14,440 --> 00:02:18,280
we use ZeroConf, and Apple users may know this as “Bonjour”,

48
00:02:18,320 --> 00:02:20,640
to actually find the servers on the local network,

49
00:02:20,680 --> 00:02:23,040
automatically. Because, when you’re booting,

50
00:02:23,080 --> 00:02:27,000
this is, like, before we have an IP address configured on the

51
00:02:27,040 --> 00:02:30,040
local client computer, so we can’t use normal IP

52
00:02:30,080 --> 00:02:31,680
communications there.
53
00:02:33,000 --> 00:02:34,320
And we use… all use…

54
00:02:34,360 --> 00:02:39,000
As I said, we don’t have IP addresses even, so we have to use IPv6, because they’re…

55
00:02:39,040 --> 00:02:42,560
they always have something called “link-local” addresses,

56
00:02:42,600 --> 00:02:45,840
and they are always there and always useful,

57
00:02:45,880 --> 00:02:47,720
even though nothing is configured.

58
00:02:49,560 --> 00:02:53,440
So, yeah, this is a more

59
00:02:53,480 --> 00:02:55,400
technical overview. Let’s see

60
00:02:55,440 --> 00:02:58,600
if there’s anything useful here or it’s only to confuse people.

61
00:03:02,360 --> 00:03:04,960
Okay, fine, skip this slide, it’s just confusing.

62
00:03:06,360 --> 00:03:07,120
Ah, the ac…

63
00:03:07,160 --> 00:03:11,840
This is a more technical description of how the

64
00:03:11,880 --> 00:03:14,480
client side of it works.

65
00:03:14,520 --> 00:03:15,600
And the server,

66
00:03:15,640 --> 00:03:16,360
apparently.

67
00:03:17,600 --> 00:03:19,080
Maybe I can point with this thing.

68
00:03:19,760 --> 00:03:25,080
This is the Mandos client computer which is connected to a local network server here — this is the Mandos server process

69
00:03:25,120 --> 00:03:27,040
for that computer, I think.

70
00:03:27,560 --> 00:03:30,720
The client program runs a plugin runner which

71
00:03:30,760 --> 00:03:32,720
starts a number of plugins.

72
00:03:33,600 --> 00:03:35,280
This plugin asks

73
00:03:35,320 --> 00:03:36,840
for passwords at the

74
00:03:36,880 --> 00:03:39,360
text prompt, as usual, as you saw before.

75
00:03:39,400 --> 00:03:42,720
So you can still type in your password, that’s not a problem.

76
00:03:42,760 --> 00:03:46,760
And then if you have a graphical password prompt, you have a plugin for this, and

77
00:03:46,800 --> 00:03:49,360
there are many graphical password prompts, nowadays.

78
00:03:49,400 --> 00:03:50,400
Like this.
79
00:03:50,440 --> 00:03:53,000
There’s a backward compatibility thing,

80
00:03:53,040 --> 00:03:56,000
and you can also write your own plugins really easily.

81
00:03:56,520 --> 00:03:58,600
And there you have our main

82
00:03:58,640 --> 00:04:00,880
magic plugin here which actually

83
00:04:00,920 --> 00:04:04,560
is the Mandos client thing which actually communicates over the network with the server.

84
00:04:04,600 --> 00:04:07,360
But since you have all these plugin things, you can

85
00:04:07,400 --> 00:04:10,640
easily customize this to your heart’s content.

86
00:04:12,240 --> 00:04:18,400
And this is basically it, this is the address for the home page of the project. It’s available, now, in

87
00:04:18,440 --> 00:04:19,880
Debian unstable

88
00:04:19,920 --> 00:04:21,280
and Ubuntu.

89
00:04:21,800 --> 00:04:25,800
There’s a small bug, but we hope they’ll fix it, because it’s not our bug,

90
00:04:25,840 --> 00:04:27,640
it’s a library we use, but

91
00:04:27,680 --> 00:04:30,000
they changed it and now it doesn’t work anymore.

92
00:04:30,680 --> 00:04:32,160
But it still works

93
00:04:32,200 --> 00:04:33,400
if you compile it

94
00:04:33,440 --> 00:04:37,000
and install it from our repository into Debian stable it will work perfectly.

95
00:04:38,360 --> 00:04:41,000
Anyway, this is the graphical password prompt

96
00:04:41,040 --> 00:04:42,360
that you normally get.

97
00:04:42,400 --> 00:04:44,200
Hand me the network connection.

98
00:04:44,240 --> 00:04:45,920
You could type in the password now,

99
00:04:45,960 --> 00:04:47,680
if you’d like, wanted to.

100
00:04:48,160 --> 00:04:49,320
Then…

101
00:04:49,360 --> 00:04:55,160
Since we have a network now, suddenly it detects it, and has already transferred the password from the computer over there.

102
00:04:55,520 --> 00:04:57,120
And now it’s continuing to boot up.
103
00:04:57,920 --> 00:04:59,600
You can use this on servers,

104
00:04:59,640 --> 00:05:03,080
and as long as one other computer is on the local network,

105
00:05:03,120 --> 00:05:06,160
you can reboot the server remotely without any problems,

106
00:05:06,200 --> 00:05:08,960
and still have encrypted disks.

107
00:05:10,800 --> 00:05:11,640
There’s a question?

108
00:05:11,680 --> 00:05:16,120
Yeah, I was thinking of the automated trick. Is it possible to

109
00:05:16,160 --> 00:05:19,560
run Mandos servers on multiple machines?

110
00:05:19,600 --> 00:05:22,240
Yeah, sure. That’s the… Yeah, we thought of that.

111
00:05:22,880 --> 00:05:23,280
If…

112
00:05:23,320 --> 00:05:24,600
Actually, that’s one of the

113
00:05:24,640 --> 00:05:26,880
principles behind the idea:

114
00:05:26,920 --> 00:05:29,600
So long as one machine is up,

115
00:05:29,640 --> 00:05:31,360
it can boot up the other machines.

116
00:05:31,400 --> 00:05:35,480
Now, you don’t need to actually have one Mandos server on every machine, but you could have.

117
00:05:36,080 --> 00:05:37,560
And…

118
00:05:39,600 --> 00:05:44,080
Say you have it in a mobile phone — you don’t have it nowadays, but you could have —

119
00:05:44,120 --> 00:05:48,880
so, it could actually authenticate your computer when you have it in your pocket, but

120
00:05:48,920 --> 00:05:52,280
so long as you’re not near it, it won’t work.

121
00:05:52,320 --> 00:05:53,640
So, basically…

122
00:05:53,680 --> 00:05:56,960
And if someone went in and actually… You know, the common idea is,

123
00:05:57,000 --> 00:05:58,960
when someone steals your stuff at home,

124
00:05:59,000 --> 00:06:00,760
they don’t go slowly

125
00:06:00,800 --> 00:06:02,760
trying to mess around with one computer,

126
00:06:02,800 --> 00:06:04,320
they are going to take everything

127
00:06:04,360 --> 00:06:06,040
and carry it away.
128
00:06:06,600 --> 00:06:08,840
Or if someone takes, you know,

129
00:06:08,880 --> 00:06:14,040
walks into your nice data center and looks very kindly on one of your computers,

130
00:06:14,080 --> 00:06:15,760
they’re all… Again, they’re going to take

131
00:06:15,800 --> 00:06:16,880
everything away

132
00:06:16,920 --> 00:06:18,720
and sort out the rest later.

133
00:06:19,080 --> 00:06:19,640
And,

134
00:06:19,680 --> 00:06:21,120
if that happens,

135
00:06:21,160 --> 00:06:22,920
everything will just shut down.

136
00:06:23,440 --> 00:06:24,680
That’s the whole idea.

137
00:06:24,720 --> 00:06:27,000
If everything’s dead, it stays dead.

138
00:06:27,040 --> 00:06:28,160
If…

139
00:06:28,200 --> 00:06:30,680
But so long as everything looks normal,

140
00:06:30,720 --> 00:06:34,880
then everything is probably normal, and your computer will boot up normally.

141
00:06:36,520 --> 00:06:39,240
More details:

142
00:06:39,280 --> 00:06:42,800
Multiple Mandos servers on the same local network will not conflict.

143
00:06:42,840 --> 00:06:46,320
A Mandos client will try all of them in turn,

144
00:06:46,360 --> 00:06:49,400
and try automatically new ones as they appear,

145
00:06:49,440 --> 00:06:52,960
until it gets a password it can pass on.

146
00:06:54,400 --> 00:06:58,440
So, it will work perfectly with multiple Mandos servers booting up each other,

147
00:06:58,480 --> 00:06:59,960
and we thought of that –

148
00:07:00,000 --> 00:07:02,120
that’s how we use it ourselves.

149
00:07:03,120 --> 00:07:05,360
Anything else?

150
00:07:05,400 --> 00:07:06,320
Sorry?

151
00:07:07,320 --> 00:07:08,440
Oh yeah.
152
00:07:08,480 --> 00:07:10,720
The server

153
00:07:10,760 --> 00:07:14,840
actually checks that the clients are still alive

154
00:07:14,880 --> 00:07:17,680
using a method,

155
00:07:17,720 --> 00:07:19,280
because if a client’s…

156
00:07:21,160 --> 00:07:22,920
You can bypass this

157
00:07:22,960 --> 00:07:26,240
pretty easily if you know what you are doing,

158
00:07:26,280 --> 00:07:27,240
but it’s still…

159
00:07:28,120 --> 00:07:33,000
But it’s not really that big a danger, because people are still going to turn everything off and carry it away.

160
00:07:34,000 --> 00:07:34,880
Question?

161
00:07:34,920 --> 00:07:37,640
I’ve quite a problem, I don’t know how problematic, but…

162
00:07:37,680 --> 00:07:39,040
If I were to steal

163
00:07:39,080 --> 00:07:42,080
five of your computers, and keep one on,

164
00:07:42,120 --> 00:07:44,360
in my car, with a battery,

165
00:07:44,400 --> 00:07:47,560
would I still be able to boot the four other computers then?

166
00:07:47,600 --> 00:07:52,120
The question is “If you stole all of them, and you kept one on a battery,

167
00:07:52,160 --> 00:07:57,920
would you still be able to boot up the rest of them?” The answer is “No”, because the other machines have been down too long,

168
00:07:57,960 --> 00:07:58,760
because we…

169
00:07:58,800 --> 00:08:00,080
that… The thing that

170
00:08:00,120 --> 00:08:03,560
I was going to tell you about. No, it’s my mike!

171
00:08:05,720 --> 00:08:07,640
The server…

172
00:08:07,680 --> 00:08:14,600
By default, the server pings all the other machines, and if they’ve been down too long — you can configure that —

173
00:08:14,640 --> 00:08:18,240
the server stops sending out the key for those machines.

174
00:08:18,280 --> 00:08:21,760
It’s actually called “Heartbeat system”.

175
00:08:21,800 --> 00:08:22,520
Yes.
176
00:08:22,560 --> 00:08:23,800
And it’s actually

177
00:08:23,840 --> 00:08:26,680
configurable, so you can actually make how

178
00:08:26,720 --> 00:08:29,280
complicated a system you want.

179
00:08:29,320 --> 00:08:30,680
…sends a heartbeat.

180
00:08:30,720 --> 00:08:31,280
Yes.

181
00:08:32,600 --> 00:08:34,600
So you can actually make it

182
00:08:34,640 --> 00:08:38,800
so advanced that it actually checks, you know, authenticates that it’s really the computer. You can have

183
00:08:38,840 --> 00:08:41,920
some really advanced hardware to check they are

184
00:08:41,960 --> 00:08:43,440
connected to, you know,

185
00:08:43,480 --> 00:08:45,240
something specially…

186
00:08:45,280 --> 00:08:47,600
You can make it how much you want — it’s

187
00:08:47,640 --> 00:08:49,080
all configurable.

188
00:08:49,120 --> 00:08:51,080
By default we do “fping”,

189
00:08:51,120 --> 00:08:53,680
a simple ping just to, you know,

190
00:08:53,720 --> 00:08:55,760
to have something very simple to implement.

191
00:08:55,800 --> 00:08:59,360
And you have a cable to time

192
00:09:02,960 --> 00:09:05,400
Yes, it’s a timeout.

193
00:09:05,440 --> 00:09:08,240
…disconnect the connection.

194
00:09:08,280 --> 00:09:10,440
Yes, there’s a timeout for each client.

195
00:09:10,480 --> 00:09:14,360
So, yeah, that’s basically it; that’s the Mandos system,

196
00:09:14,400 --> 00:09:15,560
that’s why you can now,

197
00:09:15,600 --> 00:09:16,720
using this system,

198
00:09:16,760 --> 00:09:23,960
use encryption on your servers. And you should use encryption on all the machines you could use encryption.

199
00:09:25,240 --> 00:09:29,960
And, encryption is not only for hiding something,

200
00:09:30,000 --> 00:09:32,960
it’s for keeping control of what you have.

201
00:09:33,000 --> 00:09:35,600
Yeah, that’s all I want to say.

202
00:09:36,360 --> 00:09:38,080
I think we’re done.