Tinfoil Hat Linux

Tinfoil Hat Linux (THL) is a compact security-focused Linux distribution designed for high security developed by The Shmoo Group. The first version (1.000) was released in February 2002. It appears to be a low priority project as of 2013. Its image files and source are available in gzip format. THL can be used on almost any modern PC, as it requires an Intel 80386 or better computer, with at least 8 MB of RAM. The distribution fits on a single HD floppy. The small footprint provides additional benefits beyond making the system easy to understand and verify- the computer need not even have a hard drive, making it easier to "sanitize" the computer after use.

Tinfoil Hat Linux
DeveloperShmoo Group
OS familyUnix-like
Working stateDiscontinued
Source modelOpen source
Latest release2.0pre1 / February 2002 (2002-02)
Platformsi386
Kernel typeMonolithic kernel
Default user interfaceCLI / Bourne shell
LicenseDocumentation: Modified BSD license[1]
Software: Original licences
Official websitetinfoilhat.shmoo.com

The logo of Tinfoil Hat is Tux, the Linux mascot, wearing a tinfoil hat.

The Shmoo Group Web site says "It started as a secure, single floppy, bootable Linux distribution for storing PGP keys and then encrypting, signing and wiping files. At some point it became an exercise in over-engineering."

Security features

Tinfoil Hat uses a number of measures to defeat hardware and software surveillance methods like keystroke logging, video camera, and TEMPEST:

  • Encryption — GNU Privacy Guard (GPG) public key cryptography software is included in THL.
  • Data retrieval — All temporary files are created on an encrypted ramdisk that is destroyed on shutdown. Even the GPG keyfile information can be stored encrypted on the floppy.
  • Keystroke monitoring — THL has gpggrid, a wrapper for GPG that lets you use a video game style character entry system instead of typing in your passphrase. Keystroke loggers get a set of grid points, instead of a passphrase.
  • Power usage and other side channel attacks — Under the Paranoid options, a copy of GPG runs in the background generating keys and encrypting random documents. This makes it harder to determine when real encryption is taking place.
  • Even reading the screen over the user's shoulder is very hard when Tinfoil Hat is switched to paranoid mode, which sets the screen to a very low contrast.

Applications

An advantage of THL is that it can be used on virtually any modern PC using the x86 processor architecture. For example, one might install it on a computer that is kept in a locked room, not connected to any network, and used only for cryptographically signing keys. It is fairly easy to create the Tinfoil Hat booting floppy with Microsoft Windows. Verifying the checksum can be more tricky. The text of the documentation is salted with just a few jokes, which reinforces their humor by the stark contrast with the serious and paranoiac tone of the surrounding text- the very name pokes fun at itself, as Tinfoil Hats are commonly ascribed to paranoiacs as a method of protecting oneself from mind-control waves.

Tinfoil Hat Linux requires one to work in a text-only environment in Linux, i.e. starting straight off with a Bourne shell and the editor vi, not a graphical user interface. It uses BusyBox instead of the normal util-linux, the GNU coreutils (formerly known as fileutils, shellutils and textutils) and other common Unix tools. Tinfoil Hat also offers the GNU nano text editor.

gollark: Thus, matrix?
gollark: APIONET is even reachable over yggdrasil.
gollark: APIONET exists and is bridged to heavserver.
gollark: Yep.
gollark: I memorised the RFCs.

See also

References

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.