Slashdot Mirror
Tinfoil Hat Linux: A Distribution for the Paranoid
An Anonymous Coward writes: " Tinfoil Hat Linux is a distribution designed to allow the signing and encrypting of documents with the utmost in security. The floppy-image has numerous security features including: entering your passphrase via a video game style selection process to combat hardware keystroke loggers, turning the contrast of your screen down to foil prying eyes and cameras, and to run background PGP processes."
Like I'm going to trust *them* to secure my Linux box.
The distribution UberSecureLinux, is actually a standard distribution of RedHat Linux 6.2, default installation, but it requires you to remove the PowerCord(TM) device from your PC. With PowerCord(TM) removed, your machine is effectively hacker-proof.
UberSecureLinux hopes to dispel the myths that RedHat 6.2 is one of the most hackable distributions of Linux.
What is Tinfoil Hat linux ? It started as a secure, single floppy, bootable Linux distribution for storing PGP keys and then encrypting, signing and wiping files. At some point it became an exercise in over-engineering.
Tinfoil hat is useful if:
- You're using a computer that could have a keystroke logger installed.
http://www.keyghost.com is an example of a tiny & cheap hardware logger.
- You need to use your personal GPG keys at work, school or a web hosting facility where you don't trust or own the equipment.
- If you maintain a PGP Certificate Authority or signing key and have to have a safe place to use the CA key.
- If you simply don't want to risk putting a PGP key on a hard drive
where someone else might have access to it.
- The Illuminati are watching your computer, and you need to use morse code
to blink out your PGP messages on the numlock key.
Tinfoil hat linux files- readme.txt, also on the floppy image
- The source code for files on the floppy
- The tinfoilhat linux floppy image plus
disk signature file
Transfer this image to disk using rawrite (on windows) , dd on unix (dd if=tinfoil.img of=/dev/floppy ), or Diskcopy on a MAC.
FAQ- Q: Why doesn't the floppy I got at codecon match the signature above?
- Q: How do I undo that horrible screen in paranoid mode?
- Q: Is this really a 1.0 stable release?
- Q: What sort of hardware is required to run tinfoil hat?
- Q: where do I send complaints, bugs & feature requests?
- Q: What is the license for this distribution?
LinksA: because I screwed up & wrote a nvram.md5 file to the floppy I then used as a master. I had to remove that file from every floppy. The result is that the MD5sum of the codecon floppies should be: 3608290765de7d5283a1a22813677a56
A: Type "contrast" at the command prompt, or play with ctheme.
A: Think of this as a linux kernel 1.0 . Yes, it's stable to the best of my ability, and has been tested, but not for very long or by many people.
A: Any 386DX or faster IBM compatible with more than 8 megs of RAM. Pretty much any PC made in the last 8 years will work fine.
A: anonymous AT nameless DOT cultists.net
A: The scripts, documentation, and the distribution as a collection are released under a modified BSD license. Obviously, other people's software in this distribution retain their original licenses.
'mmmmmmmmm.... forbidden donut'
From the readme:
If at all possible, boot THL on a laptop & disconnect all external
cables, including the power & mouse. Turn off nearby
radios, including cell phones and microwaves. Put yourself
and the computer in a well grounded opaque copper cube. Download
your tinfoil hat plans from http://zapatopi.net/afdb.html.
Boot the floppy....
Where can I get well grounded opaque copper cube? Can't find any on ebay.
-- ZeroZenith
Yeah, your distro might be secure, but the illuminati can watch you type, and can enter your hardware. It'll just be a matter of time until they can read the software indirectly.
Do what I do. Compute ONLY in your head! They'll never get that data!!
Oh shit... the orderly is comi...
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
It's rather tongue-in-cheek, and more of a tech demo of what can be done than a useful configuration, but it sure has loads of nifty ideas.
--
Evan
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
So..does it come with TEMPEST-proof console fonts too? I think that would be the big todo for the really paranoid (aside from coming with a foldout F cage). Highly anti-aliased fonts work decently (in theory) thrwarting VE screen captures but if you're running soley in the console I would think you're at a decent risk of having your data captured considering the regularity of the screen and the unique shaping of console fonts. A little off topic but I was wondering if one could impliment a Matrix style command shell where white space was replaced on screen from /dev/rand in a light font like light grey and then when you type the letters would either be dark grey or white to distinguish them from the random letter replacing white space. While somewhat hard to read it would cause so much static VE screen captures which of crappy monitors can be done with a slightly hacked AM radio, would be pretty difficult to make out. It would just be cool to make a shell that just did that to begin with. Pop open a terminal and have it look super funky would make a pretty badass shell theme.
I'm a loner Dottie, a Rebel.
I can see it now:
:amidst the beeping and explosions: No, I'm logging into my Linux box!
PHB: Johnson! Are you playing space-invaders again?
Johnson:
PHB: Oh.. Can I get one for my system, too? That looks fun!
Thanks,
--
Matt
Google's Cache of the page
But does it keep Major League Baseball from spying on us from space?
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
A nice addition would be tempest-resistant fonts! Here's a great article on tempest about tempest & creating fonts that are unreadable. Basically, the tempest setup only picks up the upper 30% of the frequency range, so this font has those components filtered out. But, the cool thing is that you can superimpose a (low amplitude) high-frequency pattern that isn't very visible to the user, but is visible to the tempest receiver. A whole fake Win98 screen transmitted? Here's the slide presentation for the above article (if you just want to look at the pretty pictures)
HIV Crosses Species Barrier... into Muppets
>[...]
>Q: Why doesn't the floppy I got at codecon match the signature above?
> A: because I screwed up & wrote a nvram.md5 file to the floppy I then used as a master. I had to remove that file from every floppy. The result is that the MD5sum of the codecon floppies should be: 3608290765de7d5283a1a22813677a56
Hah! A likely story!
As if I'm gonna trust that They(tm) didn't h4x0r Slashdot and change the MD5sum in CitznFish's FAQ repost to the MD5sum for Magic Lantern Linux!
(For the record, I wear mine shiny side out. Shiny-side-in folks are nuts or part of the Conspiracy. Though I suppose I could transmit messages by switching back and forth between shiny-side-out and shiny-side in on a daily basis. Bandwidth would kinda suck, though. ;-)
The tinfoil hat only serves to deliver a false sense of security.
To be truly secure, you need to build your own distribution. You need to understand what is being put on your system, and why. You need to be able to verify that the program that says it edits streams really does that, and does it without any funny business.
I ***know*** what it running on my system. I know this because I built the binaries myself. I know this because I can look at the source code and see what it does. This is the most beautiful feature of open source; the ability to let tinfoil hat wearers like myself have near-total assurance that our systems are running only the code we want them to run.
You don't get to say that if you're running Red Hat or Suse, or Windows or Mac. How do you know that any of these companies haven't been approached by the Feds and forced to include code that compromises your security and privacy?
Admittedly, it's going to be some time before I get to running KDE or Gnome. Of course, I can always install a standard distribution and see what is available today. But I appreciate the ability not to have to trust one of these distributions with my personal data, or my source code.
Actually, I'm still not to the point where I can run XFree86 yet, but EMACS using SVGATextMode on new hardware is so obscenely fast, why should I care? Except when I want to look at naked women.
That's why I have a Mac.
Is this truly the only Earth I can live on?
Operator: Main LCD turn on
Cat: All my fonts are not belong to Tempest
Captain: What you say!!
Captain: You know what you doing
No No No!
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
Hash: SHA1
.
x Tq /MvKzBdACgg++K
I'm the author of this program. It was intended as a clever
give away at code-con, but it should also be useful for other
people who carry their keys on floppy disks.
I hadn't intended a widespread distribution until I could put the kernel config
up & get a bunch of signatures on the signing key
Oh well.
In response to slashdot and the email flooding in:
The key will be up on keyservers shortly (if it isn't already. )
signatures to follow in the next few days. There isn't any TCP/IP
or network on this distribution, I'm not a christian redneck, keyghost
used to be cheaper, I can't fit tempest fonts on, since the console
is only greyscale. Direct FB fonts would be the answer, but I didn't do it.
And the "video game style" entry is clumsy, since I didn't want to re-invent
curses. It's all free if you want to improve it.
And now I'm about to get on a plane and be out of communication for a while
;-)
Slashcode is certain to break the signature, but here goes:
Anonymous
~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8csA+Fr26O2gKKPMRAp79AJ9/Ej1GyB2lnIxEPv2
uYFX2VCz3Bq9BPuv8kLGCQM=
=6oTm
-----END PGP SIGNATURE-----