Slashdot Mirror


Tinfoil Hat Linux: A Distribution for the Paranoid

An Anonymous Coward writes: "Tinfoil Hat Linux is a distribution designed to allow the signing and encrypting of documents with the utmost in security. The floppy-image has numerous security features including: entering your passphrase via a video game style selection process to combat hardware keystroke loggers, turning the contrast of your screen down to foil prying eyes and cameras, and to run background PGP processes."

11 of 247 comments

  1. Announced at CodeCon by burtonator · · Score: 2, Informative

    For those of you not there.

    This was announced at CodeCon. The author passed out about 50 floppies with the distribution on them.

    Really good idea. I may have to run this on my laptop :)

  2. Re:Hoax by CitznFish · · Score: 5, Informative
    Here is the site for those that may not get to it...
    What is Tinfoil Hat Linux? It started as a secure, single floppy, bootable Linux distribution for storing PGP keys and then encrypting, signing and wiping files. At some point it became an exercise in over-engineering.
    Tinfoil hat is useful if:
    • You're using a computer that could have a keystroke logger installed. http://www.keyghost.com is an example of a tiny & cheap hardware logger.
    • You need to use your personal GPG keys at work, school or a web hosting facility where you don't trust or own the equipment.
    • If you maintain a PGP Certificate Authority or signing key and have to have a safe place to use the CA key.
    • If you simply don't want to risk putting a PGP key on a hard drive where someone else might have access to it.
    • The Illuminati are watching your computer, and you need to use morse code to blink out your PGP messages on the numlock key.
    Tinfoil hat linux files FAQ
    • Q: Why doesn't the floppy I got at codecon match the signature above?
      A: because I screwed up & wrote a nvram.md5 file to the floppy I then used as a master. I had to remove that file from every floppy. The result is that the MD5sum of the codecon floppies should be: 3608290765de7d5283a1a22813677a56
    • Q: How do I undo that horrible screen in paranoid mode?
      A: Type "contrast" at the command prompt, or play with ctheme.
    • Q: Is this really a 1.0 stable release?
      A: Think of this as a Linux kernel 1.0. Yes, it's stable to the best of my ability, and has been tested, but not for very long or by many people.
    • Q: What sort of hardware is required to run tinfoil hat?
      A: Any 386DX or faster IBM compatible with more than 8 megs of RAM. Pretty much any PC made in the last 8 years will work fine.
    • Q: where do I send complaints, bugs & feature requests?
      A: anonymous AT nameless DOT cultists.net
    • Q: What is the license for this distribution?
      A: The scripts, documentation, and the distribution as a collection are released under a modified BSD license. Obviously, other people's software in this distribution retain their original licenses.
    --
    'mmmmmmmmm.... forbidden donut'
  3. Re:Hoax by JabberWokky · · Score: 5, Informative
    Considering that he distributed floppies of this at codecon, you're wrong.

    It's rather tongue-in-cheek, and more of a tech demo of what can be done than a useful configuration, but it sure has loads of nifty ideas.

    --
    Evan

    --
    "$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
  4. /.'d already - Google to the rescue by h2so4 · · Score: 5, Informative
  5. Google Cache (for those who can't get to site) by zpengo · · Score: 1, Informative

    http://www.google.com/search?q=cache:Q4R-UBjh3wkC:tinfoilhat.cultists.net/+&hl=en

    --


    Got Rhinos?
  6. Re:say what? by LMCBoy · · Score: 3, Informative

    As I understand it, that's where the "video game" interface comes in. It displays all the letters of the alphabet on screen, and you "type" your passphrase using the mouse, never touching the keyboard.

    The keylogger will get all your other keystrokes, but not your GPG passphrase...maybe the onscreen keyboard can be invoked at other times too.

    --
    Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
  7. Another option by the_rev_matt · · Score: 3, Informative

    KRUD (http://www.tummy.com/krud) is another great secure option. A hardened Red Hat, comes out every month with all security updates/patches/etc. It's put together by Kevin Fenzi (author of the Security HOW-TO).

    --
    this is getting old and so are you


  8. Re:Faraday cage???? by VikingBerserker · · Score: 2, Informative
    To prevent someone from detecting your computer using a Faraday cage, you'd need to put THEM inside a cage...

    ...or you can install this on a computer built to Tempest specs (http://www.eskimo.com/~joelm/xtempestsource.html). Not only are these systems shielded with various metals in places (lead's a good choice), but some circuitry is reconfigured to make emissions less likely to be decoded remotely.

    The main use for such hardware is for spyproofing your data. The business was booming around Desert Storm, but pretty much dried up after that. Apparently the Government figured they'd never need machines faster than 386's.

  9. Re:Mark McGuire by joekool · · Score: 1, Informative

    Simpsons, naturally

    I have a theory that most any reference you don't get will be a Simpsons reference

    --

    Slackware: old school feel, new school gear.
  10. -----BEGIN PGP SIGNED MESSAGE----- by Anonymous Coward · · Score: 4, Informative

    Hash: SHA1

    I'm the author of this program. It was intended as a clever
    give away at code-con, but it should also be useful for other
    people who carry their keys on floppy disks.
    I hadn't intended a widespread distribution until I could put the kernel config
    up & get a bunch of signatures on the signing key .
    Oh well.
    In response to slashdot and the email flooding in:
    The key will be up on keyservers shortly (if it isn't already. )
    signatures to follow in the next few days. There isn't any TCP/IP
    or network on this distribution, I'm not a christian redneck, keyghost
    used to be cheaper, I can't fit tempest fonts on, since the console
    is only greyscale. Direct FB fonts would be the answer, but I didn't do it.
    And the "video game style" entry is clumsy, since I didn't want to re-invent
    curses. It's all free if you want to improve it.
    And now I'm about to get on a plane and be out of communication for a while
    ;-)
    Slashcode is certain to break the signature, but here goes:
    Anonymous
    ~

    -----BEGIN PGP SIGNATURE-----

    Version: GnuPG v1.0.6 (GNU/Linux)

    Comment: For info see http://www.gnupg.org

    iD8DBQE8csA+Fr26O2gKKPMRAp79AJ9/Ej1GyB2lnIxEPv2x Tq /MvKzBdACgg++K

    uYFX2VCz3Bq9BPuv8kLGCQM=

    =6oTm

    -----END PGP SIGNATURE-----

  11. Actually... by Anonymous Coward · · Score: 1, Informative

    The phrase "tinfoil hat" has been a symbol of paranoia for several years now; it had apparently already grown into somewhat common usage when I first ran across it in 1997. The link was to a copy of the original story that it was derived from, but most, if not all, of the political rantings were added in 2000.

    Anyway, I'd like to make it clear that the content of the page probably in no way reflects the author's views; he most likely just thought it would be a good pun on "Red Hat."