Looking for an encrypted, persistent and live Linux distro preferably with Tor



I am looking for a live linux distro (for installing on a USB flash) that is encrypted and provides anonymity and is also persistent so that I could install apps on it. The best I have found so far is privatix but it hangs every few minutes and doesn't support my graphic card. Tails has all I need but is not persistent. :(


Posted 2012-01-18T17:16:59.857

Reputation: 325

Question was closed 2014-07-08T04:21:50.393

If its persistent then is it technically not a "live" Linux distro? The solution to your problems with privatix would be to replace the graphics card ( seems strange a light weight linux distro would have a problem with any graphics card ). – Ramhound – 2012-01-18T18:46:47.200

What I mean by persistent is that it should be able to save/keep the changes and applications installed. Privatix does that. – Auxiliary – 2012-01-18T19:08:57.257



Although you can achieve this with practically any disto by doing a full install to a USB drive, the problem, especially when you want everything encrypted, is that paging to disk is incredibly slow - and default HD installs do a lot of paging. This route will also thrash away at the I/O on your flash drive greatly reducing it's lifespan.

I have yet to find an ideal solution to this. but here are two distros that come close:

Puppy Linux

Yes, the cute name and clunky gui put me of at first - but it is very well put together technically. It uses a persistent overlay to save all changes into an (optionally encrypted) savefile, which it flushes to disk periodically or on demand. However, although Puppy is now based on Ubuntu, it is heavily modified and stripped down, and includes it's own package management system which I found less than appealing. I was not able to get apt-get running.

Liberte Linux

As far as privacy goes - this is hands down a winner. It randomizes network device mac addresses automatically, and automatically channels all network traffic through Privoxy -> Tor. It has a persistent overlay so files are saved in an encrypted savefile which seems to be flushed to disk in real time. It is based on hardened Gentoo and the firewall blocks all outbound traffic that doesn't go through Privoxy. It even blocks dns lookups that have not been tunneled at the firewall level. The downside is that you cannot install your own software. The persistent overlay does not extend to the general system, and portage is not part of the package (neither are build packages). This is designed as a feature, but in reality really hampers the flexibility of the distro (I will not deny there are security benefits to such an architecture though).

Next on my list to try is Knoppix (I don't know why I didn't think of it before, it was the first linux system that I ever used! now that takes me back...). But apparently it supports a full disk overlay (so software installs will persist) and AES256 encryption of the savefile. But this is just what I've gleaned so far.



It turns out Knoppix has come a long way since I first tried it. In 6.0 onward it does have full filesystem overlay support for persistence, and gives you the choice to encrypt it with AES256 bit encryption out of the box. Download the latest version, slap it on a flash drive, and customize to your hearts content... I was able to apt-get tor and other privacy tools easily, and they persist across reboots. Also, it has got a lot more lightweight and is based on LXDE now - makes for a very smooth and quick UX. One tip, don't install it on VFAT, use EXT3 instead. VFAT has a maximum 4GB file size which means that your persisted data cannot go over 4GB, it also takes a lot longer to initialize the save file on VFAT than it does on EXT3. I should have known to look to Knoppix first for a live distro.

Jack Singleton

Posted 2012-01-18T17:16:59.857

Reputation: 176


You should try Tinfoil Hat Linux.

The USB install looks difficult, but just look for a program that burns .img to USB and it should be a breeze.


Posted 2012-01-18T17:16:59.857

Reputation: 11


I guess UNetbootin would do that.

– slhck – 2012-03-21T08:12:25.767


For an encrypted install you have to encrypt your USB. You are obviously wanting to install to USB if you want persistence. So basically ... I would use LUKS+LVM to create an encrypted logical volume on the USB then simply get a .ISO file with any linux dist you want.

After you have an encrypted USB drive and you are able to mount the filesystem, use 'dd' to install the .ISO directly to the USB. It will have persistence.

Sorry, this isn't going to be super-easy if you want full disk encryption.


Posted 2012-01-18T17:16:59.857

Reputation: 9

The encrypted install won't automatically have persistence if it's done that way. Yes, it's possible to use dd to install the iso to a USB drive, but your instructions are incomplete and the persistence feature requires following additional steps beyond simply installing the iso directly to the USB. – karel – 2015-10-06T09:27:36.620