Tin Hat Linux

This article is about Tin Hat Linux. For the compact, security-minded Linux distribution, see Tinfoil Hat Linux.

Tin Hat Linux

Developer	Anthony G. Basile, et al.
OS family	Unix-like
Working state	Current
Source model	Open source
Latest release	20130228 / February 28, 2013 (2013-02-28)
Available in	Multilanguage
Package manager	Portage
Platforms	IA-32, x86-64
Kernel type	Monolithic
Default user interface	GNOME
License	Various
Official website	tinhat.sourceforge.net

Tin Hat is a Security-focused Linux distribution derived from Hardened Gentoo Linux. It aims to provide a very secure, stable, and fast desktop environment that lives purely in RAM.^[1] Tin Hat boots from CD, or optionally from USB flash drive, but it does not mount any file system directly from the boot device.^[1] Instead, Tin Hat employs a large SquashFS image from the boot device which expands into tmpfs upon booting. This makes for long boot times, but fast speeds during use.

Design goal

The central design consideration in Tin Hat is to construct an operating system that can hide data from an attacker even if he has physical access to the computer.^[1] Physical access to a computer with unencrypted filesystems does not secure the data and an attacker could easily retrieve the data. Encrypting the filesystem provides protection from such an attack, but many implementations of encryption do not hide the fact that data is encrypted on the filesystem. For example, the LUKS encryption system includes metadata which detail the block cipher and block cipher mode used in encryption. This information does not help the attacker decrypt the filesystem, but it does reveal that it contains encrypted data and not random data. However, Tin Hat stores its filesystem in the RAM, leaving no data in the computer's hard drive. If the user stores any data via a more permanent means than RAM, the encrypted data is indiscernible from random data.

Tin Hat's preferred method of encryption is via loop-aes v3.

Beyond these considerations, Tin Hat has to also protect against more common exploits based on networking or security holes in software. The hardening model chosen is PaX/Grsecurity which is already provided by the Hardened Gentoo project. Hardening of the kernel and the toolchain make most code born exploits less likely. A non-modular compiled kernel further frustrates the insertion of malicious kernel modules.

Difference from Gentoo

The design goals of Tin Hat necessitate branching from Gentoo, rather than adding features from within by adding software to Gentoo's native portage system.

References

This article uses content from this page on tinhat.sourceforge.net, where it is licensed under the Gnu GPL.

1 2 3 "Tin Hat". D'Youville College.

External links

Articles and media coverage

Linux distributions

Arch Linux	Antergos ArchBang Chakra Manjaro Linux Parabola GNU/Linux-libre

Debian	antiX Astra Linux Bharat Operating System Solutions Devuan gNewSense HandyLinux Kali Linux Knoppix SparkyLinux SteamOS Tails Ubuntu Official: Edubuntu Kubuntu Lubuntu Ubuntu MATE Xubuntu Unofficial: Bodhi Linux Elementary OS Linux Mint Trisquel

Fedora	BLAG Linux and GNU Korora Red Hat Enterprise Linux CentOS ClearOS Linpus Linux Oracle Linux Qubes OS Rocks Cluster Distribution Scientific Linux SME Server

Gentoo Linux	Calculate Linux Chromium OS Chrome OS Funtoo Linux Sabayon Linux

Other	Asturix Frugalware Linux Mandriva Linux Mageia OpenMandriva Lx ROSA Linux openSUSE SUSE Linux Enterprise Server PCLinuxOS Puppy Linux Slackware Porteus Salix OS VectorLinux Source Mage

Category Comparison List Commons

This article is issued from Wikipedia - version of the 7/21/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.