World Library  
Flag as Inappropriate
Email this Article

Tin Hat Linux

Article Id: WHEBN0021179429
Reproduction Date:

Title: Tin Hat Linux  
Author: World Heritage Encyclopedia
Language: English
Subject: Tin foil hat, Gentoo Linux, List of Linux distributions
Collection:
Publisher: World Heritage Encyclopedia
Publication
Date:
 

Tin Hat Linux

This article is about Tin Hat Linux. For the compact, security-minded Linux distribution, see Tinfoil Hat Linux.
Tin Hat Linux
developer Anthony G. Basile, et al.
OS family Unix-like
Working state Current
Source model Open source
Latest stable release 20130228 / February 28, 2013; 16 months ago (2013-02-28)
Available language(s) Multilanguage
Package manager Portage
Supported platforms IA-32, x86-64
Kernel type Monolithic
Default user interface GNOME
License Various
Official website opensource.dyc.edu/tinhat

Tin Hat is a Linux distribution derived from Hardened Gentoo Linux. It aims to provide a very secure, stable, and fast desktop environment that lives purely in RAM.[1] Tin Hat boots from CD, or optionally from USB flash drive, but it does not mount any file system directly from the boot device.[1] Instead, Tin Hat employs a large SquashFS image from the boot device which expands into tmpfs upon booting. This makes for long boot times, but fast speeds during use.

Design goal

The central design consideration in Tin Hat is to construct an operating system that can hide data from an attacker even if he has physical access to the computer.[1] Physical access to a computer with unencrypted filesystems does not secure the data and an attacker could easily retrieve the data. Encrypting the filesystem provides protection from such an attack, but many implementations of encryption do not hide the fact that data is encrypted on the filesystem. For example, the LUKS encryption system includes metadata which detail the block cipher and block cipher mode used in encryption. This information does not help the attacker decrypt the filesystem, but it does reveal that it contains encrypted data and not random data. However, Tin Hat stores its filesystem in the RAM, leaving no data in the computer's hard drive. If the user stores any data via a more permanent means than RAM, the encrypted data is indiscernable from random data.

Tin Hat's preferred method of encryption is via loop-aes v3.

Beyond these considerations, Tin Hat has to also protect against more common exploits based on networking or security holes in software. The hardening model chosen is PaX/Grsecurity which is already provided by the Hardened Gentoo project. Hardening of the kernel and the toolchain make most code born exploits less likely. A non-modular compiled kernel further frustrates the insertion of malicious kernel modules.

Difference from Gentoo

The design goals of Tin Hat necessitate branching from Gentoo, rather than adding features from within by adding software to Gentoo's native portage system.

See also

Cryptography portal

References

This article uses content from Gnu GPL.

External links

  • Official site
  • Hardened Gentoo Project

Articles and media coverage

  • Gentoo Monthly Newsletter: August 31 2008
  • Hackaday.com: Nov 20th 2008
  • Golem.de (German): March 12th 2009
  • Desktoplinux.com: March 12th 2009
  • OpenNet.ru (Russian): March 12th 2009
  • Root.cz (Czech): March 15th 2009
  • LWN.net: March 18th 2009
  • Pofacs #067 (German Podcast): January 21st 2010
  • Xakep.ru (Russian): February 27th 2010
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.
 


Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.