Tin Hat 20090309 released

[Posted March 11, 2009 by corbet]

Version 20090309 of the Tin Hat distribution has been announced. Tin Hat is an interesting, RAM-only, Gentoo-based distribution. "Tin Hat was conceived as a challenge to the old mantra that physical access to a system means full access to the data. This is certainly true in the case of unencrypted file systems, and at least potentially true in the case of encrypted. Rather, Tin Hat aims towards the ideal of guaranteeing zero information loss should the attacker physically acquire the box --- either the adversary is faced with no file system to even begin cracking, or if any non-ephemeral memory is found, the adversary should not be able to tell if he is looking at encrypted data or random noise."

Tin Hat 20090309 released

Posted Mar 11, 2009 15:11 UTC (Wed) by knobunc (guest, #4678) [Link] (1 responses)

Missing links:
- http://opensource.dyc.edu/tinhat
- http://en.wikipedia.org/wiki/Tin_Hat_Linux

(They are even missing from the announcement)

Links

Posted Mar 11, 2009 15:26 UTC (Wed) by corbet (editor, #1) [Link]

Sorry, I really did mean to put the distribution link in there. More coffee is clearly needed.

Tin Hat 20090309 released

Posted Mar 11, 2009 15:58 UTC (Wed) by ummmwhat (guest, #54087) [Link]

A summary from me: Tin Hat linux is a hardened distro that boots off a CD or usb stick, and lets you mount encrypted systems. The aim is to prevent access to the data used by the system.

Tin Hat 20090309 released

Posted Mar 11, 2009 16:59 UTC (Wed) by orly (guest, #57095) [Link] (1 responses)

Unfortunately for you, dear reader, this article was a trap. Your viewing this page has been logged, and the next time you are away from your computer, the black helicopters will pay it a visit and install a hardware keylogger, as well as compromised ram and CPU. Tin Hat Linux can't save you now, for all your base have been belong to us for some time.

Tin Hat 20090309 released

Posted Mar 12, 2009 1:09 UTC (Thu) by man_ls (guest, #15091) [Link]

Maybe Tinfoil Hat Linux is more your thing?

Cannot Guarantee Zero Information on Physical Acquisition

Posted Mar 12, 2009 3:25 UTC (Thu) by quozl (guest, #18798) [Link]

RAM can be read some time after power is removed, or after a reset. We learned that with respect to laptops on suspend being insecure.

I don't see how running only from RAM makes this type of attack any harder ... in fact I think it would make it easier, because there is only one place something can be instead of two or more.

Now if the BIOS would scrub RAM effectively after powering up, that's one less vector to worry about. It means an attacker would have to also subvert the BIOS.

Tin Hat 20090309 released

Posted Mar 12, 2009 7:53 UTC (Thu) by job (guest, #670) [Link] (1 responses)

I don't understand.

Is the point that by booting from CD/USB the _entire_ disk can be encrypted which provides deniability? But then why do they talk about gigabytes of ramdisk to use Open Office?

If you are not supposed to use any disk storage at all, you can't store persistent data, so encrypting everything seems kind of pointless. It is also very unclear what this has to do with the ramdump attack mentioned.

Tin Hat 20090309 released

Posted Mar 13, 2009 3:14 UTC (Fri) by spiro (guest, #54657) [Link]

I believe the point is:

1. you have a live cd/usb stick that is not encrypted.

2. your laptop hard drive is just a data drive, does not boot, and *is* encrypted.

3. your live cd mounts your encrypted disk and allows you to access your data.