This article has multiple issues. Please help improve it or discuss these issues on the talk page . (Learn how and when to remove these template messages)
|
Developer | Shmoo Group [1] |
---|---|
OS family | Linux (Unix-like) |
Working state | Discontinued |
Source model | Open source |
Latest release | 2.0pre1 / February 2002 |
Platforms | i386 |
Kernel type | Monolithic kernel |
Default user interface | CLI / Bourne shell |
License | Documentation: Modified BSD license [2] Software: Original licences |
Official website | tinfoilhat.shmoo.com |
Tinfoil Hat Linux (THL) is a compact security-focused Linux distribution designed for high security developed by The Shmoo Group. The first version (1.000) was released in February 2002. By 2013, it had become a low-priority project. Its image files and source are available in gzip format. THL can be used on modern PCs using an Intel 80386 or better, with at least 8 MB of RAM. The distribution fits on a single HD floppy disk. The small footprint provides additional benefits beyond making the system easy to understand and verify. A hard drive is not required to use THL, making it easier to "sanitize" the computer after use.
The logo of Tinfoil Hat is Tux, the Linux mascot, wearing a tinfoil hat.
The Shmoo Group website says "It started as a secure, single floppy, bootable Linux distribution for storing PGP keys and then encrypting, signing, and wiping files. At some point, it became an exercise in over-engineering." [1]
Tinfoil Hat uses a number of measures to defeat hardware and software surveillance methods like keystroke logging, video camera, and TEMPEST:
THL can be used on most modern PCs using the x86 processor architecture. For example, one might install it on a computer that is kept in a locked room, not connected to any network, and used only for cryptographically signing keys. It is fairly easy to create the Tinfoil Hat booting floppy with Microsoft Windows. Verifying the checksum can pose a greater challenge. The text of the documentation is salted with a few jokes, the humor working in stark contrast to the serious and paranoiac tone of the surrounding text. The very name of the distribution pokes fun at itself, as Tinfoil Hats are commonly ascribed to paranoiacs as a method of protecting oneself from mind-control waves.
Tinfoil Hat Linux requires one to work in a text-only environment in Linux, electing to start users with a Bourne shell, the text editor vi, and with no graphical user interface. It uses BusyBox instead of the normal Util-Linux, the GNU Core Utilities (formerly known as FileUtils, ShellUtils, and TextUtils), and other common Unix tools. Tinfoil Hat also offers the GNU nano text editor.
Blowfish is a symmetric-key block cipher, designed in 1993 by Bruce Schneier and included in many cipher suites and encryption products. Blowfish provides a good encryption rate in software, and no effective cryptanalysis of it has been found to date for smaller files. It is recommended Blowfish should not be used to encrypt files larger than 4GB in size, Twofish should be used instead.
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.
GNU Privacy Guard is a free-software replacement for Symantec's cryptographic software suite PGP. The software is compliant with RFC 4880, the IETF standards-track specification of OpenPGP. Modern versions of PGP are interoperable with GnuPG and other OpenPGP v4-compliant systems.
In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority. As with computer networks, there are many independent webs of trust, and any user can be a part of, and a link between, multiple webs.
Key exchange is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm.
S/MIME is a standard for public-key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFC 8551. It was originally developed by RSA Data Security, and the original specification used the IETF MIME specification with the de facto industry standard PKCS #7 secure message format. Change control to S/MIME has since been vested in the IETF, and the specification is now layered on Cryptographic Message Syntax (CMS), an IETF specification that is identical in most respects with PKCS #7. S/MIME functionality is built into the majority of modern email software and interoperates between them. Since it is built on CMS, MIME can also hold an advanced digital signature.
The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.
CipherSaber is a simple symmetric encryption protocol based on the RC4 stream cipher. Its goals are both technical and political: it gives reasonably strong protection of message confidentiality, yet it's designed to be simple enough that even novice programmers can memorize the algorithm and implement it from scratch. According to the designer, a CipherSaber version in the QBASIC programming language takes just sixteen lines of code. Its political aspect is that because it's so simple, it can be reimplemented anywhere at any time, and so it provides a way for users to communicate privately even if government or other controls make distribution of normal cryptographic software completely impossible.
Disk encryption software is a computer security software that protects the confidentiality of data stored on computer media by using disk encryption.
Encryption software is software that uses cryptography to prevent unauthorized access to digital information. Cryptography is used to protect digital information on computers as well as the digital information that is sent to other computers over the Internet.
The OpenBSD operating system focuses on security and the development of security features. According to author Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms."
The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux.
This is a technical feature comparison of different disk encryption software.
dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike its predecessor cryptoloop, dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV, in order to avoid watermarking attacks. In addition to that, dm-crypt addresses some reliability problems of cryptoloop.
Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.
Gpg4win is an email and file encryption package for most versions of Microsoft Windows and Microsoft Outlook, which utilises the GnuPG framework for symmetric and public-key cryptography, such as data encryption, digital signatures, hash calculations etc.
KDE Wallet Manager (KWallet) is free and open-source password management software written in C++ for UNIX-style operating systems. KDE Wallet Manager runs on a Linux-based OS and Its main feature is storing encrypted passwords in KDE Wallets. The main feature of KDE wallet manager (KWallet) is to collect user's credentials such as passwords or IDs and encrypt them through Blowfish symmetric block cipher algorithm or GNU Privacy Guard encryption.
There are various implementations of the Advanced Encryption Standard, also known as Rijndael.
GPG Mail is a commercial extension for Apple Mail which comes as part of GPG Suite, a software collection that provides easy access to a collection of tools designed to secure your communications and encrypt files. GPG Mail provides public key email encryption and signing. It integrates with the default email client Apple Mail under macOS and the actual cryptographic functionality is handled by GNU Privacy Guard.
crypt is a POSIX C library function. It is typically used to compute the hash of user account passwords. The function outputs a text string which also encodes the salt, and identifies the hash algorithm used. This output string forms a password record, which is usually stored in a text file.