Several new security features included in latest release, including new PersonaCrypt CLI utility and encrypted backups
The PC-BSD Team announced today that PC-BSD Version 10.1.2 is now available for download. This release is a revolutionary step forward for PC-BSD, due to its inclusion of a number of new security features including PersonaCrypt, Tor Mode, Stealth Mode, and Encrypted Backups.
PersonaCrypt allows the creation and usage of a GELI-backed encrypted external media for the user’s $HOME directory. This is tied into the PCDM login manager, and user manager, so that when a new user account is created, the user can opt to keep all personal data on an external device. The device is formatted with GPT / GELI / ZFS, and is decrypted at login via the GUI, after entering the encryption key, along with the normal user password.
An added feature of PersonaCrypt is the ability to login using “Stealth Mode”. This is basically the equivalent of a web browser’s “private” mode, except it applies to the user’s entire desktop session. During login, if “stealth mode” is selected, the user’s $HOME directory will be mounted as a GELI- backed ZVOL, using GELI’s one-time key encryption. This $HOME directory is setup as a “blank” slate, allowing the user to login and to run applications as if on a fresh system each time. At logout the dataset is destroyed, or should the system be rebooted, the one-time key is lost, rendering the data useless.
In addition, a new ability has been added to the System Updater Tray, so that with a single-click the user can enable or disable Tor Mode. When enabled, applications which connect to the Internet will do so through the Tor anonymizing network, without requiring any additional configuration.
Additional security features of the release include the use of LibreSSL by default instead of OpenSSL, and support for fully-encrypted backups, using GELI-backed iSCSI volumes. The latter sends backups of ZFS snapshots, with all the data leaving the box already encrypted using GELI. The user’s data on the remote side is fully encrypted and only accessible with the key file that is stored on the client side.
Kris Moore, Founder of the PC-BSD Project, states: “This release of PC-BSD really ups the ante in the realm of security and privacy in desktop computing. The new PersonaCrypt features, full-disk encryption, LibreSSL, and Tor Mode give PC-BSD users a new set of tools to use when protecting their privacy and security when online or on the road.”
To download PC-BSD Version 10.1.2, visit http://www.pcbsd.org/.
About PC-BSD
