Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tinfoil Hat Linux: A Distribution for the Paranoid

Posted by timothy on from the either-a-joke-or-a-good-idea dept.

An Anonymous Coward writes: " Tinfoil Hat Linux is a distribution designed to allow the signing and encrypting of documents with the utmost in security. The floppy-image has numerous security features including: entering your passphrase via a video game style selection process to combat hardware keystroke loggers, turning the contrast of your screen down to foil prying eyes and cameras, and to run background PGP processes."

33 of 247 comments (clear)

  1. Uh huh... by Anonymous Coward · · Score: 5, Funny

    Like I'm going to trust *them* to secure my Linux box.

    1. Re:Uh huh... by mar1no · · Score: 4, Funny

      i agree, tinfoil isn't very strong if you ask me, i prefer to use a ziploc bag instead.

      --
      "you sonofabitch i didn't know!"
  2. UberSecureLinux by TedCheshireAcad · · Score: 5, Funny

    The distribution UberSecureLinux, is actually a standard distribution of RedHat Linux 6.2, default installation, but it requires you to remove the PowerCord(TM) device from your PC. With PowerCord(TM) removed, your machine is effectively hacker-proof.

    UberSecureLinux hopes to dispel the myths that RedHat 6.2 is one of the most hackable distributions of Linux.

    1. Re:UberSecureLinux by JabberWokky · · Score: 4, Funny
      UberSecureLinux hopes to dispel the myths that RedHat 6.2 is one of the most hackable distributions of Linux.

      USL is useless. Not only was it a pain to get my wireless networking installed on it, I followed instructions precisely, disconnected the PowerCord(TM), and evil hackers still got into my laptop!

      (Incidently, I prefer this USL, anyway).

      --
      Evan "insert SubGenius motto here" E.

      --
      "$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
    2. Re:UberSecureLinux by TedCheshireAcad · · Score: 5, Funny

      Wireless networking in USL is quite simple, it only requires that you compile libpenandpaper-1.0, and exchange messages using the HandToHand networking model.

  3. Re:Hoax by CitznFish · · Score: 5, Informative
    here si the site for those that may not get to it...
    What is Tinfoil Hat linux ? It started as a secure, single floppy, bootable Linux distribution for storing PGP keys and then encrypting, signing and wiping files. At some point it became an exercise in over-engineering.
    Tinfoil hat is useful if:
    • You're using a computer that could have a keystroke logger installed. http://www.keyghost.com is an example of a tiny & cheap hardware logger.
    • You need to use your personal GPG keys at work, school or a web hosting facility where you don't trust or own the equipment.
    • If you maintain a PGP Certificate Authority or signing key and have to have a safe place to use the CA key.
    • If you simply don't want to risk putting a PGP key on a hard drive where someone else might have access to it.
    • The Illuminati are watching your computer, and you need to use morse code to blink out your PGP messages on the numlock key.
    Tinfoil hat linux files FAQ
    • Q: Why doesn't the floppy I got at codecon match the signature above?
      A: because I screwed up & wrote a nvram.md5 file to the floppy I then used as a master. I had to remove that file from every floppy. The result is that the MD5sum of the codecon floppies should be: 3608290765de7d5283a1a22813677a56
    • Q: How do I undo that horrible screen in paranoid mode?
      A: Type "contrast" at the command prompt, or play with ctheme.
    • Q: Is this really a 1.0 stable release?
      A: Think of this as a linux kernel 1.0 . Yes, it's stable to the best of my ability, and has been tested, but not for very long or by many people.
    • Q: What sort of hardware is required to run tinfoil hat?
      A: Any 386DX or faster IBM compatible with more than 8 megs of RAM. Pretty much any PC made in the last 8 years will work fine.
    • Q: where do I send complaints, bugs & feature requests?
      A: anonymous AT nameless DOT cultists.net
    • Q: What is the license for this distribution?
      A: The scripts, documentation, and the distribution as a collection are released under a modified BSD license. Obviously, other people's software in this distribution retain their original licenses.
    Links
    --
    'mmmmmmmmm.... forbidden donut'
  4. Copper cube ? by ZeroZenith · · Score: 5, Funny

    From the readme:
    If at all possible, boot THL on a laptop & disconnect all external
    cables, including the power & mouse. Turn off nearby
    radios, including cell phones and microwaves. Put yourself
    and the computer in a well grounded opaque copper cube. Download
    your tinfoil hat plans from http://zapatopi.net/afdb.html.
    Boot the floppy....

    Where can I get well grounded opaque copper cube? Can't find any on ebay.

    --
    -- ZeroZenith
    1. Re:Copper cube ? by cduffy · · Score: 3, Funny

      Where can I get well grounded opaque copper cube?

      The NSA has a big one -- but I don't think they'll share.

  5. For the paranoid? by FortKnox · · Score: 4, Funny

    Yeah, your distro might be secure, but the illuminati can watch you type, and can enter your hardware. It'll just be a matter of time until they can read the software indirectly.

    Do what I do. Compute ONLY in your head! They'll never get that data!!

    Oh shit... the orderly is comi...

    --
    Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
  6. Re:Hoax by JabberWokky · · Score: 5, Informative
    Considering that he distributed floppies of this at codecon, you're wrong.

    It's rather tongue-in-cheek, and more of a tech demo of what can be done than a useful configuration, but it sure has loads of nifty ideas.

    --
    Evan

    --
    "$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
  7. You need instructions? by Chris+Burke · · Score: 3, Interesting


    Just surround your computer with a cage made of chicken wire.

    The problem is that as soon as you have to connect to the world outside (like through a network cable... or a power cord) you break the cage, and you've pretty much defeated the whole purpose.

    And don't tell me about the incredibly tiny radiation leakage from your monitor carried by the power cord! The Illuminati can still read it!

    --

    The enemies of Democracy are
  8. Coka? Cola? by Graymalkin · · Score: 5, Interesting

    So..does it come with TEMPEST-proof console fonts too? I think that would be the big todo for the really paranoid (aside from coming with a foldout F cage). Highly anti-aliased fonts work decently (in theory) thrwarting VE screen captures but if you're running soley in the console I would think you're at a decent risk of having your data captured considering the regularity of the screen and the unique shaping of console fonts. A little off topic but I was wondering if one could impliment a Matrix style command shell where white space was replaced on screen from /dev/rand in a light font like light grey and then when you type the letters would either be dark grey or white to distinguish them from the random letter replacing white space. While somewhat hard to read it would cause so much static VE screen captures which of crappy monitors can be done with a slightly hacked AM radio, would be pretty difficult to make out. It would just be cool to make a shell that just did that to begin with. Pop open a terminal and have it look super funky would make a pretty badass shell theme.

    --
    I'm a loner Dottie, a Rebel.
  9. Fired for Playing Games? by MattRog · · Score: 5, Funny

    I can see it now:

    PHB: Johnson! Are you playing space-invaders again?

    Johnson: :amidst the beeping and explosions: No, I'm logging into my Linux box!

    PHB: Oh.. Can I get one for my system, too? That looks fun!

    --

    Thanks,
    --
    Matt
  10. /.'d already - Google to the rescue by h2so4 · · Score: 5, Informative

    Google's Cache of the page

  11. Bootable cdroms by rangerx · · Score: 3, Interesting

    Instead of a floppy, why not use a cdrom? It can hold alot more, has faster load times, and many other features.
    PLAC - Portable Linux Auditing CD

    LNX-BBC

    LBT

  12. Mark McGuire by sharkey · · Score: 5, Funny

    But does it keep Major League Baseball from spying on us from space?

    --

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
    1. Re:Mark McGuire by MattRog · · Score: 3, Funny

      Nothing can keep the MLB out of your life. By the way, here's an autographed baseball bat.

      --

      Thanks,
      --
      Matt
  13. If *I* were the Illuminati by BranMan · · Score: 3, Insightful


    I'd just put the spy code in the Bios. What else is distributed on every computer, and run every time they boot?

    BWAHAAAAAHAAAA

    1. Re:If *I* were the Illuminati by angst_ridden_hipster · · Score: 3, Funny
      What else is distributed on every computer, and run every time they boot?

      Uh... Memory chips? Realtime clock chips? Capacitors and resistors and power supplies?

      --
      Eloi, Eloi, lema sabachtani?
      www.fogbound.net
  14. Tempest fonts by morcheeba · · Score: 5, Interesting

    A nice addition would be tempest-resistant fonts! Here's a great article on tempest about tempest & creating fonts that are unreadable. Basically, the tempest setup only picks up the upper 30% of the frequency range, so this font has those components filtered out. But, the cool thing is that you can superimpose a (low amplitude) high-frequency pattern that isn't very visible to the user, but is visible to the tempest receiver. A whole fake Win98 screen transmitted? Here's the slide presentation for the above article (if you just want to look at the pretty pictures)

    --
    HIV Crosses Species Barrier... into Muppets
  15. Re:Hoax by Tackhead · · Score: 4, Funny
    > FAQ:
    >[...]
    >Q: Why doesn't the floppy I got at codecon match the signature above?
    > A: because I screwed up & wrote a nvram.md5 file to the floppy I then used as a master. I had to remove that file from every floppy. The result is that the MD5sum of the codecon floppies should be: 3608290765de7d5283a1a22813677a56

    Hah! A likely story!

    As if I'm gonna trust that They(tm) didn't h4x0r Slashdot and change the MD5sum in CitznFish's FAQ repost to the MD5sum for Magic Lantern Linux!

    (For the record, I wear mine shiny side out. Shiny-side-in folks are nuts or part of the Conspiracy. Though I suppose I could transmit messages by switching back and forth between shiny-side-out and shiny-side in on a daily basis. Bandwidth would kinda suck, though. ;-)

  16. http://www.linuxfromscratch.org/ by corebreech · · Score: 4, Insightful

    The tinfoil hat only serves to deliver a false sense of security.

    To be truly secure, you need to build your own distribution. You need to understand what is being put on your system, and why. You need to be able to verify that the program that says it edits streams really does that, and does it without any funny business.

    I ***know*** what it running on my system. I know this because I built the binaries myself. I know this because I can look at the source code and see what it does. This is the most beautiful feature of open source; the ability to let tinfoil hat wearers like myself have near-total assurance that our systems are running only the code we want them to run.

    You don't get to say that if you're running Red Hat or Suse, or Windows or Mac. How do you know that any of these companies haven't been approached by the Feds and forced to include code that compromises your security and privacy?

    Admittedly, it's going to be some time before I get to running KDE or Gnome. Of course, I can always install a standard distribution and see what is available today. But I appreciate the ability not to have to trust one of these distributions with my personal data, or my source code.

    Actually, I'm still not to the point where I can run XFree86 yet, but EMACS using SVGATextMode on new hardware is so obscenely fast, why should I care? Except when I want to look at naked women.

    That's why I have a Mac.

    --
    Is this truly the only Earth I can live on?
    1. Re:http://www.linuxfromscratch.org/ by GGardner · · Score: 3, Interesting

      What about the compilers? Are you sure they aren't inserting any funny business into the binary code?

      While we're at it, what about the CPU, and other support chips? Have you inspected the VHDL?

    2. Re:http://www.linuxfromscratch.org/ by Ratbert42 · · Score: 5, Insightful

      But how did you build your binaries? You really should read this before you trust a compiler that you didn't bootstrap yourself.

    3. Re:http://www.linuxfromscratch.org/ by corebreech · · Score: 3, Interesting

      It ain't that I'm stuck. It's only that I don't want to install packages that I'm not prepared to fully understand.

      No doubt most of the new stuff available today only needs a ./configure and a make install, and there it is, on your disk.

      But in my mind that's no different than installing using somebody else's distribution.

      I should fess up and say that I don't always use my installation, but that's mostly because my paycheck demands I use other code.

      That doesn't change my lust for a system I can understand, down to the statement, and one that I have complete control over. I'm sure that a lot of you who've been with Linux forever you've acquired a sense for this a long time ago; I'm kind of new to the OS though, I've only been using it for a couple of years.

      It's biggest attraction for me is that I get to be anal about learning it. Taking it one step at a time, and leaving nothing to chance.

      So what if I don't have windows! Most everything I end up doing on the Mac or on Windows is all text-based anyways. Look at the interface for Visual C or Codewarrior on the Mac and tell me exactly what I'm missing when using something like EMACS on a screen that has a resolution of over 200 characters across.

      Pretty colors? Alpha-blending? Anti-aliased fonts? It's all shit! It makes everything go slower, while making me put my nose up to the monitor so I can see what the fuck is going on!

      Why do I need that?

      --
      Is this truly the only Earth I can live on?
    4. Re:http://www.linuxfromscratch.org/ by Lionel+Hutts · · Score: 5, Interesting

      Absolutely. For those who haven't read it, "Reflections on Trusting Trust" is Ken Thompson's story of the greatest hack of all time: changing a compiler so that it not only created a backdoor whenever compiling login.c, but so that the modification persisted when the modified compiler was applied to the source of a standard C compiler. There's just no easy way to do without trusting anyone at all.

      --
      I Can't Believe It's A Law Firm, LLP does not necessarily endorse the contents of this message.
    5. Re:http://www.linuxfromscratch.org/ by corebreech · · Score: 3, Insightful

      Note that I said "near-total assurance".

      I have a lot of faith in you guys, even though I realize that when the gcc source is broadcast that not everybody reads through every single expression.

      But we're all single-stepping through the code it produces at some point.

      I've seen people reporting compiler bugs that makes you wonder just what the fuck these people are doing. When you read the back-and-forth between the people who use the compilers and those who write them it's pretty clear who's on top.

      Plus, there's Codewarrior, and Borland (is that right?) and there's always the archived compilers to compare against.

      In short, it's all out there in the open, and there are like at least ten million eyeballs on the case.

      I'm willing to risk letting the compiler prove me to be the fool.

      --
      Is this truly the only Earth I can live on?
  17. Re:say what? by LMCBoy · · Score: 3, Informative

    As I understand it, that's where the "video game" interface comes in. It displays all the letters of the alphabet on screen, and you "type" your passphrase using the mouse, naver touching the keyboard.

    The keylogger will get all your other keystrokes, but not your GPG passphrase...maybe the onscreen keyboard can be invoked at other times too.

    --
    Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
  18. Even easier: LCD (was: Tempest fonts) by dstone · · Score: 4, Insightful

    Operator: Main LCD turn on
    Cat: All my fonts are not belong to Tempest
    Captain: What you say!!
    Captain: You know what you doing

  19. Another option by the_rev_matt · · Score: 3, Informative

    KRUD (http://www.tummy.com/krud) is another great secure option. A hardened Red Hat, comes out every month with all security updates/patches/etc. It's put together by Kevin Fenzi (author of the Security HOW-TO).

    --
    this is getting old and so are you

    blog

  20. Re:UberSecureLinux (and wireless) by McFly777 · · Score: 4, Funny
    Wireless networking in USL is quite simple, it only requires that you compile libpenandpaper-1.0, and exchange messages using the HandToHand networking model.


    No No No! ... The HandtoHand protocol is succeptable to a "man in the middle" attack. Even worse, if you don't properly install the BicLighter module it can be subject to a DOS (Dumpster OutSide) attack.

    --

    McFly777
    - - -
    "What do people mean when they say the computer went down on them?" -Marilyn Pittman
  21. You gotta love... by Jon+Abbott · · Score: 3, Funny
    ...the reference he gave for a keylogger:
    http://www.keyghost.com is an example of a tiny & cheap hardware logger.
    The price of Keyghost Keylogger: $999.
    --
    Slashdot's first reaction to VMware
  22. -----BEGIN PGP SIGNED MESSAGE----- by Anonymous Coward · · Score: 4, Informative

    Hash: SHA1

    I'm the author of this program. It was intended as a clever

    give away at code-con, but it should also be useful for other

    people who carry their keys on floppy disks.

    I hadn't intended a widespread distribution until I could put the kernel config

    up & get a bunch of signatures on the signing key .

    Oh well.

    In response to slashdot and the email flooding in:

    The key will be up on keyservers shortly (if it isn't already. )

    signatures to follow in the next few days. There isn't any TCP/IP

    or network on this distribution, I'm not a christian redneck, keyghost

    used to be cheaper, I can't fit tempest fonts on, since the console

    is only greyscale. Direct FB fonts would be the answer, but I didn't do it.

    And the "video game style" entry is clumsy, since I didn't want to re-invent

    curses. It's all free if you want to improve it.

    And now I'm about to get on a plane and be out of communication for a while

    ;-)

    Slashcode is certain to break the signature, but here goes:

    Anonymous

    ~

    -----BEGIN PGP SIGNATURE-----

    Version: GnuPG v1.0.6 (GNU/Linux)

    Comment: For info see http://www.gnupg.org

    iD8DBQE8csA+Fr26O2gKKPMRAp79AJ9/Ej1GyB2lnIxEPv2x Tq /MvKzBdACgg++K

    uYFX2VCz3Bq9BPuv8kLGCQM=

    =6oTm

    -----END PGP SIGNATURE-----