 For the next speaker, we have Teddy and who's going to talk about mandos. So please introduce please welcome the speaker Thank you. I Can't see my slides from here. So I'll have to read from the same display as you Mandos is something that enables you to use this full disc encryptions on your on your servers Which you should do Probably let's see. Yeah, if you use physical or bare metal hardware And you have more than one physical machine then you can and you want to use full disc encryption Which is you do then you should use mandos because it enables you to do that If you don't already used full disc encryption, you probably should But if the only reason you wasn't doing that because you couldn't then mandos will probably help you do that So the problem with running full disc encryption is normally that the you can't type in the password if the server reboots But mandos of that problem it mandos One running machine Can send the password to the other machine which is booting up which needs the password? So if one machine boots reboots the other machine can Send the password and then the first machine can run the reboot and get the password from the second machine So two machines can reboot and still be Secure both of them the full disc encryption and if both machines are turned off Let's see Dang it. Yeah, and the crucial thing is there's no interactivity here You don't have to approve although you can configure it to do it So you don't have to and normally it doesn't require approval. Yes It's basically invisible while once you install and configure it It just reboots normally you don't have to see anything It's just a password prompts appear and then it disappears. You don't have to type in it anything And it supports all the normal interim FS tools and raccoot both with and without system D But both are used now in Debian the server side is all configured and controllable by debas and various command line utilities for control and Inspections are provided I thought I had a slide there, but never mind. Let me check here Think I'm skipping slide. No, I guess not There are various Objections to to this protocol because everyone thinks that wait, isn't that insecure? But now that it's actually not insecure We use TLS encrypted communication with perfect for security and that that data that is a transmit It's not a clear text password even though it's TLS encrypted It's double encrypted because the data that's transmitted says open PGP encrypted So it's quite easy to install it's been in Debian and Ubuntu for about ten years No, maybe five. I can't remember many years and in case So if you want to just install it You just install it from a normal Debian or Ubuntu approach story or if can you can use our private package Index from Instructions are on that website Let's dang it. I think I skipped some some slides. Yeah These keys Okay, let's see slides. Yes Ah, here we go Mandos has a threat model That's probably what your threat model is also because what you really want to protect From is that what could reasonably you could reasonably assume to happen like that there is someone coming in taking all your service and Running off of them turned off and if that happens if you don't have folding the footprint then of course they can read all your discs but if you have mandos then Since both servers are then turned off the discs are fully encrypted and you someone have to some type in password to either One of the servers to get both up. So in that case, that's secure So in that normal expected case, it's just as secure as normal for this encryption of course So as I said it in that case it fails safe. It looks like it deadlocks both of servers if both are turned off Yeah, and if you currently do not run for this encryption Then you could probably use month full this encryption with mantas anyway because that it's least that's better than nothing In theory, there is one weakness because you could in theory take one server offline Inspect the in it run my face and extract the secret key within this very short timeout and then use that to unlock the other server But you'd have to assume very sophisticated get attackers to do that And if the your attackers were very sophisticated, they could just just as well do a cold boot attack and read the raw the keys directly from RAM so That's not really what we aim to protect against what we put aim to protect against is the usual expected attack of somebody turning off both servers and making off of that with them and Of course, if you want to you can configure mandos to require approval For each reboot So you can okay some server wants to boot up and you have to log in and say yes Allow this server you don't have to tap in the possible just have to allow it to boot and Then it's just a secure again, but of course then you can't reboot while you sleep That's the installation instruction basically. It's very easy. I Think that's it. I'm just mostly here because I want to Promote awareness that this system exists because I see many many people Running servers and not using full disk encryption because they think they have to type in the password every time they reboot Which you know with remote servers or servers not in their room You can't do that, but with mandos you can so I'm just putting it out there This this exists and has existed for like ten years, but Not very well known still I think that's about it. I think we have time some for some questions Which most faster than I thought I can't hear anything from a microphone Let me come from the others. Oh Now I think it's working Just to make sure that I understood correctly. So if I have two machines and both of them are down Then to start it again There will be a passport that has to be entered, right? If both are down not for every reboot But if it happens that all the machines are down And they have to pipe in password for at least one of them then that one can Automatically respond with passwords to the others amongst and that's I read that said it was GPG encryption Is that the it's that's the way is that the key this GBG GPG encryption We use both TLS encryption for the actual network communication But the thing that is communicated over that encrypted channel is open PGP encrypted data Thank you. I think Thank you for a talk. I have two questions. The first one is How do you provision the the TLS certificates and the PGP kids for the communication? They are automatically generated when you install and then you know manually But you have a system with a fingerprints of all the keys But don't you have to copy them or send them to some key server? No, no key service. You just manually copy the fingerprints of the keys to the configuration files of the servers Okay, and the second question is Let's say I have two machines which are in different physical locations and one attacker smash and grab the first one and I didn't notice that One of my machine disappeared Kenny like rebooted over the network and get access to it by trying to to send some Packets to the overmachin which can send back the password Well, if he's really really fast he can do that, but not not normally there's a timeout, but He's shaking his head. No here Mr. Co co-author here Tell me why local network Okay, it's only on the private network normally the mandos server and the mandos client is assumed to be on the same local network You can manually configure it to ask a specific server remotely, but that's not normal the normal case In this case can we have like something like a private virtual private network? Like we're using a VPN like a wire guard or something like that. Yeah, you could do that you'll have to Create some scripts to Because the mandos client runs before the root Fire system is decrypted you run without any specific good system utilities You have to run write a script that runs in that environment to take up your VPN and stuff But we provide hooks for all that we have scripts. Okay. All right. Thank you Do we have any other question? Okay For the TLS connection. Do you have client authentication? Client authentication we check the exact fingerprint of the key So you check it for the server which I guess it's a server that's already actually no We we're we're kind of funny that way. We don't run the TLS connection backwards up here we that we the Till the the mandos client which wants a running running in their small inner parameters environments Which wants the password is running is connecting But is then doing the TLS handshake as a TLS server So it has a key which is automatically proven in the TLS handshake to be I'm I have that key So then the server acting as a TLS client check that fingerprints against its database So, I mean it's automatically verified by the TLS itself. I See we have time for more equations Is anyone who wants to ask something? I have a mention which doesn't have for this encryption, which is really bad. Mm-hmm How can I easily migrate it to a to full this encryption like is very some Tooling you provide or is very something which can we don't provide the actual for this encryption the We use the normal looks Linux for this encryption system We just provide the hooks which provides the password at boot time when it needs it Okay, so if you just convert to normal for the full this encryption, you can then install that and use it On those all right Do we have any question? We'll have some time so oh, yeah, I don't see any hands. So thank you, Teddy