Tinfoil Hat Linux
Encyclopedia
Tinfoil Hat Linux was a compact Linux distribution
designed for high security
. Version 1.000 was released in February 2002. It appears to be no longer actively maintained , though the files are still available in gzip
format. THL requires a 386DX
computer or better, with at least 8 MB
of RAM. The distribution fits on a single ordinary HD floppy. The small footprint provides additional benefits beyond making the system easy to understand and verify- the computer need not even have a hard drive, making it easier to "sanitize" the computer after use.
The logo of Tinfoil Hat is Tux
, the Linux mascot, wearing a tinfoil hat.
, video camera
, and TEMPEST
:
using the x86 processor architecture. For example, one might install it on a computer that is kept in a locked room, not connected to any network
, and used only for cryptographically
signing keys. While the paranoid
mode security measures may seem over the top and might be found funny, they are a good education in the types of issues that must be considered for high security. It is fairly easy to create the Tinfoil Hat booting
floppy with Microsoft Windows
. Verifying the checksum
can be more tricky. The text of the documentation is salted with just a few jokes, which reinforces their humor by the stark contrast with the serious and paranoiac tone of the surrounding text- the very name pokes fun at itself, as Tinfoil hats are commonly ascribed to paranoiacs as a method of protecting oneself from mind-control waves.
Tinfoil Hat Linux requires one to work in a text-only environment in Linux, i.e. starting straight off with a Bourne shell and the editor vi
, not a graphical user interface
. It uses BusyBox
instead of the normal util-linux
, the GNU coreutils
(formerly known as fileutils, shellutils and textutils) and other common Unix
tools. Tinfoil Hat also offers the nano
text editor.
Linux distribution
A Linux distribution is a member of the family of Unix-like operating systems built on top of the Linux kernel. Such distributions are operating systems including a large collection of software applications such as word processors, spreadsheets, media players, and database applications...
designed for high security
Security
Security is the degree of protection against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies in the OSSTMM 3 defines security as "a form of protection...
. Version 1.000 was released in February 2002. It appears to be no longer actively maintained , though the files are still available in gzip
Gzip
Gzip is any of several software applications used for file compression and decompression. The term usually refers to the GNU Project's implementation, "gzip" standing for GNU zip. It is based on the DEFLATE algorithm, which is a combination of Lempel-Ziv and Huffman coding...
format. THL requires a 386DX
Intel 80386
The Intel 80386, also known as the i386, or just 386, was a 32-bit microprocessor introduced by Intel in 1985. The first versions had 275,000 transistors and were used as the central processing unit of many workstations and high-end personal computers of the time...
computer or better, with at least 8 MB
Megabyte
The megabyte is a multiple of the unit byte for digital information storage or transmission with two different values depending on context: bytes generally for computer memory; and one million bytes generally for computer storage. The IEEE Standards Board has decided that "Mega will mean 1 000...
of RAM. The distribution fits on a single ordinary HD floppy. The small footprint provides additional benefits beyond making the system easy to understand and verify- the computer need not even have a hard drive, making it easier to "sanitize" the computer after use.
The logo of Tinfoil Hat is Tux
Tux
Tux is a penguin character and the official mascot of the Linux kernel. Originally created as an entry to a Linux logo competition, Tux is the most commonly used icon for Linux, although different Linux distributions depict Tux in various styles. In video games featuring the character, female...
, the Linux mascot, wearing a tinfoil hat.
Security features
Tinfoil Hat uses a number of measures to defeat hardware and software surveillance methods like keystroke loggingKeystroke logging
Keystroke logging is the action of tracking the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored...
, video camera
Video camera
A video camera is a camera used for electronic motion picture acquisition, initially developed by the television industry but now common in other applications as well. The earliest video cameras were those of John Logie Baird, based on the electromechanical Nipkow disk and used by the BBC in...
, and TEMPEST
TEMPEST
TEMPEST is a codename referring to investigations and studies of compromising emission . Compromising emanations are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, may disclose the information transmitted, received, handled, or otherwise processed by any...
:
- Encryption — GNU Privacy GuardGNU Privacy GuardGNU Privacy Guard is a GPL Licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP...
(GPG) public key cryptography software is included in THL. - Data retrieval — All temporary files are created on an encrypted ramdiskRAM diskA RAM disk or RAM drive is a block of RAM that a computer's software is treating as if the memory were a disk drive...
that is destroyed on shutdown. Even the GPG keyfile information can be stored encrypted on the floppy. - Keystroke monitoring — THL has gpggrid, a wrapper for GPG that lets you use a video game style character entry system instead of typing in your passphrasePassphraseA passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Passphrases are often used to control both access to, and operation of, cryptographic programs...
. Keystroke loggerKeystroke loggingKeystroke logging is the action of tracking the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored...
s get a set of grid points, not your passphrase. - Power usage and other side channel attackSide channel attackIn cryptography, a side channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms...
s — Under the Paranoid options, a copy of GPG runs in the background generating keys and encrypting random documents. This makes it harder to determine when real encryption is taking place. - Even reading the screen over the user's shoulderShoulder surfing (computer security)In computer security, shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information...
is very hard when Tinfoil Hat is switched to paranoid mode, which sets the screen to a very low contrastContrast (vision)Contrast is the difference in visual properties that makes an object distinguishable from other objects and the background. In visual perception of the real world, contrast is determined by the difference in the color and brightness of the object and other objects within the same field of view...
.
Applications
An advantage of THL is that it can be used on virtually any modern PCPersonal computer
A personal computer is any general-purpose computer whose size, capabilities, and original sales price make it useful for individuals, and which is intended to be operated directly by an end-user with no intervening computer operator...
using the x86 processor architecture. For example, one might install it on a computer that is kept in a locked room, not connected to any network
Computer network
A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information....
, and used only for cryptographically
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
signing keys. While the paranoid
Paranoia
Paranoia [] is a thought process believed to be heavily influenced by anxiety or fear, often to the point of irrationality and delusion. Paranoid thinking typically includes persecutory beliefs, or beliefs of conspiracy concerning a perceived threat towards oneself...
mode security measures may seem over the top and might be found funny, they are a good education in the types of issues that must be considered for high security. It is fairly easy to create the Tinfoil Hat booting
Booting
In computing, booting is a process that begins when a user turns on a computer system and prepares the computer to perform its normal operations. On modern computers, this typically involves loading and starting an operating system. The boot sequence is the initial set of operations that the...
floppy with Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
. Verifying the checksum
Checksum
A checksum or hash sum is a fixed-size datum computed from an arbitrary block of digital data for the purpose of detecting accidental errors that may have been introduced during its transmission or storage. The integrity of the data can be checked at any later time by recomputing the checksum and...
can be more tricky. The text of the documentation is salted with just a few jokes, which reinforces their humor by the stark contrast with the serious and paranoiac tone of the surrounding text- the very name pokes fun at itself, as Tinfoil hats are commonly ascribed to paranoiacs as a method of protecting oneself from mind-control waves.
Tinfoil Hat Linux requires one to work in a text-only environment in Linux, i.e. starting straight off with a Bourne shell and the editor vi
Vi
vi is a screen-oriented text editor originally created for the Unix operating system. The portable subset of the behavior of vi and programs based on it, and the ex editor language supported within these programs, is described by the Single Unix Specification and POSIX.The original code for vi...
, not a graphical user interface
Graphical user interface
In computing, a graphical user interface is a type of user interface that allows users to interact with electronic devices with images rather than text commands. GUIs can be used in computers, hand-held devices such as MP3 players, portable media players or gaming devices, household appliances and...
. It uses BusyBox
BusyBox
BusyBox provides several stripped-down Unix tools in a single executable. It runs in a variety of POSIX environments such as Linux, Android, FreeBSD and others, such as proprietary kernels, although many of the tools it provides are designed to work with interfaces provided by the Linux kernel. It...
instead of the normal util-linux
Util-linux
util-linux is a standard package of the Linux operating system. A fork, util-linux-ng—with ng meaning "next generation"—was created when development stalled, but as of January 2011 has been renamed back to util-linux, and is the official version of the package.It includes the following...
, the GNU coreutils
GNU Core Utilities
The GNU Core Utilities or coreutils is a package of GNU software containing many of the basic tools, such as cat, ls, and rm, needed for Unix-like operating systems...
(formerly known as fileutils, shellutils and textutils) and other common Unix
Unix
Unix is a multitasking, multi-user computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna...
tools. Tinfoil Hat also offers the nano
Nano (text editor)
nano is a text editor for Unix-like computing systems or operating environments using a command line interface. It emulates the Pico text editor, part of the Pine email client, and also provides additional functionality....
text editor.
See also
- List of Linux distributions
- List of LiveDistros
- Damn Small LinuxDamn Small LinuxDamn Small Linux or DSL is a computer operating system for the x86 family of personal computers. It is free and open source software under the terms of GNU GPL and other free and open source licenses. It was designed to run graphical applications on older PC hardware—for example, machines with...
- Security-focused operating system
- Knoppix STDKnoppix STDKnoppix STD is a Live CD Linux distribution based on Knoppix that focused on computer security tools. It included GPL licensed tools in the following categories: authentication, password cracking, encryption, forensics, firewalls, honeypots, intrusion detection system, network utilities,...
- OpenBSDOpenBSDOpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution , a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995...