[or-cvs] r16611: {incognito} Moved some notes and instructions from the home volume creat (in incognito/trunk/root_overlay/usr: sbin share/incognito/walkthrough)

anonym at seul.org anonym at seul.org
Wed Aug 20 23:06:25 UTC 2008


Author: anonym
Date: 2008-08-20 19:06:25 -0400 (Wed, 20 Aug 2008)
New Revision: 16611

Modified:
   incognito/trunk/root_overlay/usr/sbin/create-homevol
   incognito/trunk/root_overlay/usr/sbin/mount-homevol
   incognito/trunk/root_overlay/usr/share/incognito/walkthrough/walkthrough.html
Log:
Moved some notes and instructions from the home volume creation and mounting wizards into the walkthrough.
And now the password prompt doesn't care about order when entering passwords.


Modified: incognito/trunk/root_overlay/usr/sbin/create-homevol
===================================================================
--- incognito/trunk/root_overlay/usr/sbin/create-homevol	2008-08-20 23:04:20 UTC (rev 16610)
+++ incognito/trunk/root_overlay/usr/sbin/create-homevol	2008-08-20 23:06:25 UTC (rev 16611)
@@ -16,26 +16,25 @@
 
 # set the maximum size to the lowest for free space and 4095 MB, the latter
 # which is the maximum file size available on VFAT.
+# fixme: for some reason, 2047 MB seems to be the max...
 MAX_SIZE=$(( ${MEDIAFREE} / 1024 ))
-if [[ ${MAX_SIZE} -gt 4095 ]]; then
-	MAX_SIZE=4095
+if [[ ${MAX_SIZE} -gt 2047 ]]; then
+	MAX_SIZE=2047
 fi 
 
 QUESTION_HOME_PART="Use the UP and DOWN arrowkeys, and TAB to navigate between different fields and buttons in this guide. You may press ESC/Escape at any time to exit this guide.
 
-Would you like to create a persistent home volume that will keep your data over __INCOGNITO__ sessions? This means that application settings and file changes in your home directory will persist through computer shutdowns which is not normally the case with __INCOGNITO__ (normally everything is reseted on a reboot)."
+Would you like to create a persistent home volume that will keep your data over __INCOGNITO__ sessions? This means that application settings and file changes in your home directory will persist through computer shutdowns. For more information, see the __INCOGNITO__ Walkthrough."
 QUESTION_DISABLE_PERSISTENT="Would you like to disable the previous prompt? That way the start sequence will not get interrupted when booting __INCOGNITO__ like it was this time.
 
-If you choose 'yes' here this can be undone by running \"Enable persistant home volume\" located in the Incognito section of the K-menu."
+If you choose 'yes' here this can be undone by running \"Enable persistant home volume\" located in the __INCOGNITO__ section of the K-menu."
 QUESTION_SIZE="Enter the size in megabytes for the home volume. ${MIN_SIZE} MB is the smallest we allow, but it is strongly recommended to use more, but not more than ${MAX_SIZE} MB. There will be a recommended value in the input field which work for most users. The recommended value will utilize most space but save a little so that future upgrades of __INCOGNITO__ will fit. If you plan to store other files on the media you should take that into account and decrease the volume size appropriately."
 QUESTION_ENCRYPTION="Would you like to encrypt the home volume using TrueCrypt? This is strongly recommended as it will make your data unreadable for everyone that does not have the password you choose unless they can guess it. The only inconvenience added for this is that you will be prompted for the password at each start up."
 QUESTION_HIDDEN_VOLUME="Do you want to use a hidden home volume?
 
-A hidden volume offers you plausable deniability which is essential in case you live in a country where you must hand over encryption keys and passwords to the authorities when suspected for a crime (like in the UK). The hidden volume will reside in the free space of the normal volume, and you will have two different passwords; one that grants access to the normal volume and one that grants access to the hidden volume. When the password promt appears during the __INCOGNITO__ start sequence you simply choose which one of these to use. The password for the normal volume can be given away to the authorities when they so demand, and as long as you claim that this is the only password you have they cannot prove of the hidden volume's existence. This is why you get plausible deniability.
-
-If you choose to use a hidden volume you should do all your real work within your hidden volume, which you access with the hidden volume password. Only occasionally should you log in to the normal volume and do some \"normal\", innocent things (i.e. no illegal or otherwise sensitive activites) just so it looks like it is being used, otherwise the authorities might become suspicious when they discover that you have not touched it. But beware! When only entering the normal volume password to access the normal volume, you risk damaging the normal volume. However, the __INCOGNITO__ password prompt supports a safe way to access the normal volume by specifying both passwords. In this mode, changes that otherwise would damage the hidden volume are undone. Be sure to use this mode whenever you want to access the normal volume."
+A hidden volume offers you plausable deniability which is essential in case you live in a country where you must hand over encryption keys and passwords to the authorities when suspected for a crime (like in the UK). For more information, see the __INCOGNITO__ Walkthrough."
 QUESTION_HIDDEN_SIZE="How much of the normal home volume's capacity would you like the hidden home volume to use? The hidden volume is the one you should use for real work, so try to put as much as possible there. If you choose the maximum value (recommended), around ${MIN_SIZE} MB is left for the normal volume so it will work to some degree, but if you want it to work well (e.g. be able to do web browsing) you should leave even more space for the normal volume. Leaving 50 MB should be enough for most purposes."
-PASSWORD_RECOMMENDATION="REMEMBER TO USE STRONG PASSWORDS! Blank passwords are not accepted. To be safe it is recommended to use at least 12 characters including both upper and lower case letters, numbers and special characters, without any words from any language or other similar systems. It should be as random (and long) as your memory allows."
+PASSWORD_RECOMMENDATION="REMEMBER TO USE STRONG PASSWORDS! Blank passwords are not accepted. To be safe it is recommended to use AT LEAST 12 characters including both upper and lower case letters, numbers and special characters, without any words from any language or other similar systems. It should be as random (and long) as your memory allows."
 PASSWORD_NORMAL_VS_HIDDEN="As you will use a hidden volume, this password (i.e. for the normal volume) should be easy to remember and need not be particularly strong, just enough to fool the authorities. Only the hidden volume's password needs to be strong."
 QUESTION_NORMAL_PASSWORD="Please enter the password for the normal volume.
 
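Review bot: The comment above MAX_SIZE still describes a 4095 MB cap as the VFAT file size limit while the code now clamps to 2047, and the only explanation is a fixme saying the reason is unknown. Update the comment to state the limit actually enforced and keep the fixme only as a pointer to what still needs investigating; the walkthrough text added in this same commit tells users the maximum is 4 GB, so the three places should agree. The strings touched here also still contain 'persistant' and 'plausable'.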

Modified: incognito/trunk/root_overlay/usr/sbin/mount-homevol
===================================================================
--- incognito/trunk/root_overlay/usr/sbin/mount-homevol	2008-08-20 23:04:20 UTC (rev 16610)
+++ incognito/trunk/root_overlay/usr/sbin/mount-homevol	2008-08-20 23:06:25 UTC (rev 16611)
@@ -6,13 +6,11 @@
 
 # dialog text for TC password prompt
 BACKTITLE="__INCOGNITO__"
-LABEL_PASSWORD="Password"
-LABEL_OPT_PWD="Optional password"
-QUESTION_PASSWORD="Please enter the password(s) for the home volume, or choose cancel to boot with default settings and no persistent storage. Use the UP and DOWN arrows to navigate between the password fields and TAB to switch between <OK> and <Cancel>.
+LABEL_PWD1="Password"
+LABEL_PWD2="Password"
+QUESTION_PASSWORD="Please enter the password(s) for the home volume(s) you want to access, or choose cancel to boot with default settings and no persistent storage. For more information, see the __INCOGNITO__ walktrhough.
 
-To get standard access to a volume, enter the appropriate password in the '${LABEL_PASSWORD}' field and leave the ${LABEL_OPT_PWD} blank. For example, if you do NOT have a hidden volume, you should always simply enter your single password in the '${LABEL_PASSWORD}' field. If you have a hidden volume and want to access it you instead enter the hidden volume password in the '${LABEL_PASSWORD}' field.
-
-If you have a hidden volume but want to access the normal volume safely, enter the normal volume password in the '${LABEL_PASSWORD}' field and the hidden volume password in the '${LABEL_OPT_PWD}' field. If you enter the normal volume password without entering the hidden volume password in this way you risk corrupting the hidden volume and make it inaccessible."
+Use the UP and DOWN arrows to navigate between the password fields and TAB to switch between <OK> and <Cancel>."
 QUESTION_ERROR="An error occurred opening the volume, see above. Hit ENTER/RETURN to try again"
 TITLE="Open Persistent Home Volume"
 
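Review bot: The new QUESTION_PASSWORD drops the only warning shown at the prompt that entering the normal volume password alone risks corrupting the hidden volume, and replaces it with a pointer to the walkthrough, an HTML file the user is unlikely to have open while this boot-time prompt is displayed. Keep a one-sentence version of the warning in the dialog text, for example that users with a hidden volume should enter both passwords when opening the normal volume. Also 'walktrhough' is misspelled in the added line, and since LABEL_PWD1 and LABEL_PWD2 now hold the same string a single label variable would do.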
@@ -40,7 +38,7 @@
 if [[ ${TYPE} == "TC" ]]; then
 	# Ask for truecrypt password, use password from creating (hidden volume preferred) if available
 	while true; do
-		dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --insecure --passwordform "${QUESTION_PASSWORD}" 0 0 0 "${LABEL_PASSWORD}" 1 0 "" 2 0 40 1024 "${LABEL_OPT_PWD}" 4 0 "" 5 0 40 1024 2>/tmp/dialog
+		dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --insecure --passwordform "${QUESTION_PASSWORD}" 0 0 0 "${LABEL_PWD1}" 1 0 "" 2 0 40 1024 "${LABEL_PWD2}" 4 0 "" 5 0 40 1024 2>/tmp/dialog
 		if [[ $? -ne 0 ]]; then
 			clear
 			rm /tmp/dialog
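Review bot: The dialog line edited here still redirects the form output, which holds both passwords, to the fixed path /tmp/dialog, and the cancel branch just below removes it with plain rm while the following hunk shows the success path using shred -u. Since the line is being touched anyway, write to a file created with mktemp under a restrictive umask and use the same removal on both paths.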
@@ -53,14 +51,28 @@
 		TRUECRYPT_PW2="$( tail -n 1 /tmp/dialog )"	
 		shred -u /tmp/dialog
 
-		# if we got both passwords, try mounting the normal volume safely, otherwise mount normally
-		if [[ -z ${TRUECRYPT_PW2} ]]; then
+		# if we got both passwords, try mounting the normal volume safely, otherwise mount normally, but don't accept empty passwords
+		if [[ -z ${TRUECRYPT_PW1} ]] && [[ -z ${TRUECRYPT_PW2} ]]; then
+			continue
+		else if [[ -z ${TRUECRYPT_PW1} ]]; then
+			truecrypt -t --non-interactive --protect-hidden=no --filesystem=ext3 --keyfiles="" --password="${TRUECRYPT_PW2}" "${HOMEPART}" /home
+			RET=$?
+		else if [[ -z ${TRUECRYPT_PW2} ]]; then
 			truecrypt -t --non-interactive --protect-hidden=no --filesystem=ext3 --keyfiles="" --password="${TRUECRYPT_PW1}" "${HOMEPART}" /home
+			RET=$?
 		else
+			# we got two password, first try one way...
 			truecrypt -t --non-interactive --protect-hidden=yes --filesystem=ext3 --keyfiles="" --protection-keyfiles="" --password="${TRUECRYPT_PW1}" --protection-password="${TRUECRYPT_PW2}" "${HOMEPART}" /home
+
+			# and if it fails, try the other
+			if [[ $? -ne 0 ]]; then
+				truecrypt -t --non-interactive --protect-hidden=yes --filesystem=ext3 --keyfiles="" --protection-keyfiles="" --password="${TRUECRYPT_PW2}" --protection-password="${TRUECRYPT_PW1}" "${HOMEPART}" /home
+			fi
+			RET=$?
 		fi
-		
-		if [[ $? -eq 0 ]]; then
+
+		# On success, we're done
+		if [[ ${RET} -eq 0 ]]; then
 			touch /var/state/boot-media-home
 			break
 		fi
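Review bot: The two added 'else if [[ ... ]]; then' lines each open a new nested if that needs its own fi, but the chain is still closed by the single fi that was there before, so the if/else structure is unbalanced and bash will fail to parse the script; use elif on both lines. The swapped-password fallback also relies on 'RET=$?' picking up the status of the enclosing if statement, which is 0 when the first attempt succeeded and the second attempt's status otherwise; that works but is easy to break, so assigning RET directly after each truecrypt call would be clearer. The comment 'we got two password' should read 'passwords'.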

Modified: incognito/trunk/root_overlay/usr/share/incognito/walkthrough/walkthrough.html
===================================================================
--- incognito/trunk/root_overlay/usr/share/incognito/walkthrough/walkthrough.html	2008-08-20 23:04:20 UTC (rev 16610)
+++ incognito/trunk/root_overlay/usr/share/incognito/walkthrough/walkthrough.html	2008-08-20 23:06:25 UTC (rev 16611)
@@ -27,6 +27,7 @@
 		<li><a href="#misc">Other applications</a>
 		<li><a href="#macchanger">Enabling MAC changer</a>
 		<li><a href="#usb">Running __INCOGNITO__ from USB</a>
+		<li><a href="#persistent">Persistent home directory</a>
 		<li><a href="#cold">Protection against cold boot attacks</a>
 		<li><a href="#vm">__INCOGNITO__ and Virtualization</a>
 		<li><a href="#windows">Running __INCOGNITO__ from within Microsoft Windows</a>
@@ -48,7 +49,7 @@
 	character; the state of being in disguise or not recognized.
 </ol>
 
-<p>__INCOGNITO__ is an open source <a href="http://en.wikipedia.org/wiki/Livedistro">LiveDistro</a> based on <a href="http://www.gentoo.org/">Gentoo Linux</a> assisting you to securely and anonymously use the Internet almost anywhere you go, e.g. your home, work, university, favourite Internet caf&eacute; or local library. __INCOGNITO__ is designed to be used from either a CD or a <a href="#usb">USB drive</a> and has several Internet applications (Web browser, IRC client, Mail client, Instant messenger, etc.) pre-configured with security in mind, and all Internet traffic will be anonymized. To use it, you simply insert the CD or USB that you have installed __INCOGNITO__ on in a computer and restart it. __INCOGNITO__ should then start as an independent operating system instead of Microsoft Windows or whatever operating system you have installed. It is also possible to run __INCOGNITO__ as a guest operating system inside Microsoft Windows by simply inserting the media while Windows is running which should present you with a menu.</p>
+<p>__INCOGNITO__ is an open source <a href="http://en.wikipedia.org/wiki/Livedistro">LiveDistro</a> based on <a href="http://www.gentoo.org/">Gentoo Linux</a> assisting you to securely and anonymously use the Internet almost anywhere you go, e.g. your home, work, university, favourite Internet caf&eacute; or local library. __INCOGNITO__ is designed to be used from either a CD or a <a href="#usb">USB drive</a> and has several Internet applications (Web browser, IRC client, Mail client, Instant messenger, etc.) pre-configured with security in mind, and all Internet traffic will be anonymized. To use it, you simply insert the CD or USBdrive that you have installed __INCOGNITO__ on in a computer and restart it. __INCOGNITO__ should then start as an independent operating system instead of Microsoft Windows or whatever operating system you have installed. It is also possible to run __INCOGNITO__ as a guest operating system inside Microsoft Windows by simply inserting the media while Windows is running which should present you with a menu.</p>
 
 <p>__INCOGNITO__ is Free Software released under the GNU/GPL (version 2).</p>
 
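Review bot: In the changed paragraph 'CD or USBdrive' is missing a space; the rest of this commit writes 'USB drive'.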
@@ -83,7 +84,7 @@
 
 <p>In the lower right corner you will find something referred to as the system tray, or simply systray, that has a couple of icons in it, each which offers an interface for some running application. One of them helps you keep an eye on the battery level if you run from a laptop, one allows to instantly change the keyboard layout, and one helps you control the network settings, for instance. You are encouraged to check them out, but we will say more about some of them later on in this article. You will also see a clock showing the time in UTC (Greenwich Mean Time) which might not be appropriate for your location. To make it show your local time, right-click it and choose &quot;Show timezone&quot; and either choose one of the timezones available there or add a new one with the &quot;Configure timezones...&quot; option.</p>
 
-<p>Some other important things that need to be understood before proceeding are the concepts of <a href="http://en.wikipedia.org/wiki/Livedistro">LiveDistro, LiveCD and LiveUSB</a>. In essence a LiveDistro is an operating system (like Windows or Mac OS X, although __INCOGNITO__ uses Linux) that is run from some removable media like a CD or USB memory stick. Most likely you are running __INCOGNITO__ from a CD, which makes it into a LiveCD, and this brings some limitations to its operation. Most importantly, since the CD is a read-only medium once it has been burned by your CD recording software no changes persist through reboots. So, if you download a file or make some application settings they will be gone once you shut-down. This is both good and bad &ndash; on the plus side, if you screw up anything or get a virus, the system will be restored once you have restarted it. But not being able to save stuff is of course inconvenient in some cases. If you find it frustrating you might want to run __INCOGNITO__ from and USB memory stick instead, making it into a LiveUSB. Since a USB memory stick is writeable medium it is possible to make it so that the changes persist through reboots. You can read more about this and its implications <a href="#usb">later</a> in this walkthrough.</p>
+<p>Some other important things that need to be understood before proceeding are the concepts of <a href="http://en.wikipedia.org/wiki/Livedistro">LiveDistro, LiveCD and LiveUSB</a>. In essence a LiveDistro is an operating system (like Windows or Mac OS X, although __INCOGNITO__ uses Linux) that is run from some removable media like a CD or USB drive. Most likely you are running __INCOGNITO__ from a CD, which makes it into a LiveCD, and this brings some limitations to its operation. Most importantly, since the CD is a read-only medium once it has been burned by your CD recording software no changes persist through reboots. So, if you download a file or make some application settings they will be gone once you shut-down. This is both good and bad &ndash; on the plus side, if you screw up anything or get a virus, the system will be restored once you have restarted it. But not being able to save stuff is of course inconvenient in some cases. If you find it frustrating you might want to run __INCOGNITO__ from a USB drive instead, making it into a LiveUSB. Since a USB drive is writeable medium it is possible to make it so that the changes persist through reboots. You can read more about this and its implications <a href="#usb">later</a> <a href="#persistent">on</a> in this walkthrough.</p>
 
 
 <h3><a name="nm"></a>Networking with NetworkManager</h3>
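Review bot: The closing sentence of the changed paragraph splits 'later on' across two links, 'later' pointing at #usb and 'on' at #persistent, so the link text gives no hint that there are two targets or what they are. Name the two sections in the link text instead. The added text also reads 'a USB drive is writeable medium', which lacks an article.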
@@ -239,24 +240,51 @@
 
 <h3><a name="usb"></a>Running __INCOGNITO__ from USB</h3>
 
-<p>Running __INCOGNITO__ from a CD has its virtues but it certainly also have its limitations. While CDs are portable they usually do not fit in your pocket in a comfortable manner. But a USB memory stick certainly fits any pocket or your key ring. In addition, CDs are read-only and thus no data can be saved to them, but that is, again, not the case with USB memory sticks. However, storing sensitive data on a USB memory stick could be dangerous if it got into the wrong hands. Similarly, if we get a virus or manages to damage the system in other ways, the system is tainted or unusable from that point and all consecutive boots, either with or without your knowledge. Clearly that is not good.</p>
+<p>Running __INCOGNITO__ from a CD has its virtues but it certainly also have its limitations. While CDs are portable they usually do not fit in your pocket in a comfortable manner. But a USB memory stick certainly fits any pocket or your key ring. In addition, CDs are read-only and thus no data can be saved to them, but that is, again, not the case with USB drives. However, storing sensitive data on writeable media could be dangerous if it got into the wrong hands. Similarly, if we get a virus or manages to damage the system in other ways, the system is tainted or unusable from that point and all consecutive boots, either with or without your knowledge. Clearly that is not good.</p>
 
-<p>It is actually possible to get the best out of these two worlds at the same time. When running __INCOGNITO__ from a USB memory stick you have the option to create an encrypted container wherein your home directory is stored so that any files stored and settings made are saved persistently. If you use a good password this deals with the dangers of storing sensitive data on it. But what about virus threats and the like? Well, when running from a USB memory stick, the system files are still set up to not be persistently writeable. It is only your home directory which will be persistent.</p>
+<p>It is actually possible to get the best out of these two worlds at the same time. When running __INCOGNITO__ from a USB drive you have the option to create an encrypted container wherein your home directory is stored so that any files stored and settings made are saved persistently. If you use a good password this deals with the dangers of storing sensitive data on it. For more information on this, see the section on using a <a href="#persistent">persistent home directory</a>. But what about virus threats and the like? Well, when running from a USB drive, the system files are still set up to not be persistently writeable. It is only your home directory which will be persistent.</p>
 
-<p>In order to get __INCOGNITO__ running on USB you currently have to get the usual LiveCD installation first. Once __INCOGNITO__ has started up from CD you will find a short cut to an installation guide in the &quot;__INCOGNITO__&quot; section of the K menu, aptly called &quot;Install __INCOGNITO__ to USB&quot;. The guide will tell you about your options and is self contained, and in most cases you only need to insert a USB memory stick and hit the OK button to get it done. Then you restart the computer without the CD in, but with the USB memory stick connected instead. __INCOGNITO__ will start to boot just like from the CD but at a certain point a guide will start asking about if you want a persistent home directory or not. The encryption we mentioned earlier is optional but definitely recommended.</p>
+<p>In order to get __INCOGNITO__ running from USB you currently have to get the usual LiveCD installation first. Once __INCOGNITO__ has started up from CD you will find a short cut to an installation guide in the &quot;__INCOGNITO__&quot; section of the K menu, aptly called &quot;Install __INCOGNITO__ to USB&quot;. The guide will tell you about your options and is self contained, and in most cases you only need to insert a USB drive and hit the OK button to get it done. Then you restart the computer without the CD in, but with the USB drive connected instead, and __INCOGNITO__ shouöd start to boot just like from the CD.</p>
 
-<p>The encryption is protected with a password, so it is very important to choose a strong password. But what is a strong password? Of course, there are many different opinions on that. What can be said is that to utilize the encryption algorithm used to its full extent you will need a password consisting of 40 randomly chosen characters of those available on the standard (western) keyboard layout, which have around 90 different characters. Such a password should remain uncrackable for the remainder of this universe's life span and the same goes for the actual encryption. Of course, such a password is almost impossible to memorize, so you will probably have to go for something shorter. 20 random characters is probably more than enough. It can also help to device mnemonics to help remember them but stay away from dictionary words of any language you know. Be creative! If you need help with generating the passwords you should check out <a href="#keepassx">KeePassX</a>'s built-in password generator.</p>
+<h3><a name="persistent"></a>Persistent home directory</h3>
 
+<p>At a certain point when <a href="#usb">booting __INCOGNITO__ from USB</a> you will be prompted with the question if you want a persistent home directory or not. As mentioned elsewhere in this document, that will allow you to save files and applications settings between shutdowns, which is not normally the case. Naturally, saving sensitive stuff could be dangerious if it got into the wrong hands, so the use of encryption i highly recommended.</p>
 
+<p>As you progress through the guided setup of the persistent home directory you will be asked as few questions and given some simple instructions, and some of these might need to be commented a bit:</p>
+
+<h4>Size</h4>
+
+<p>Early on you will be asked for the size of the &quot;home volume&quot;, which will be a file stored on the USB drive that in turn will store you files. There are a few constraints on this size, like a minimum size necessary to fit the initial application settings and files that are part of __INCOGNITO_USER__ users's home directory. There is also a maximum size, which is the lowest of the space available on the drive, and 4 GB (this is because of technical reasons &ndash; files larger than 4 GB will not work).</p>
+
+<h4>Encryption</h4>
+
+<p>It cannot be emphasized enough; use encryption! The encryption is protected with a password, so it is very important to also choose a strong password. But what is a strong password? Of course, there are many different opinions on that. What can be said is that to utilize the encryption algorithm used to its full extent you will need a password consisting of 40 randomly chosen characters of those available on the standard (western) keyboard layout, which have around 90 different characters. Such a password should remain uncrackable for the remainder of this universe's life span and the same goes for the actual encryption. Of course, such a password is almost impossible to memorize, so you will probably have to go for something shorter. 20 random characters is probably enough. It can also help to device mnemonics to help remember them but stay away from dictionary words of any language you know. Be creative! If you need help with generating the passwords you should check out <a href="#keepassx">KeePassX</a>'s built-in password generator.</p>
+
+<p>If you use encryption (which you should) you will be prompted for the password during boot. One thing that might strike you as odd is that it is possible to enter two passwords. The reason for that will be clarified in the next section, but normally you just type in your password in one of them (which one doesn't matter) and press ENTER to continue.</p>
+
+<h4>Hidden volumes</h4>
+
+<p>In certain countries you may be legally forced to hand over encryption keys or passwords, or otherwise facing penal charges. Clearly this might defeat the whole purpose of using encryption, but luckily there is a solution based on <a href="http://en.wikipedia.org/wiki/Plausible_deniability">plausible deniability</a>.</p>
+
+<p>The idea is to create a so called hidden volume which resides in the free space of the normal (or outer) volume, and using two different passwords to access either of them; the normal password grants access only to the normal volume and the hidden password grants access only to the hidden volume. Given the normal password there is no way to tell whether the hidden volume exists or not &ndash; the hidden password is required for that. The point of all this is that you may hand over the normal password to the authorities and keep the hidden password secret, and they will not be able to tell whether you are fooling them or not. Hence you get plausible deniability.</p>
+
+<p>Setting up the hidden volume using the guided setup is pretty straight forward. You will be asked how large it should be, and since it is stored within the normal volume it must be smaller, but it is important that you leave some additional in order to make room on the normal volume. You will need to use the normal volume sometomes to do innocent things so that it looks used, otherwise the authorities will not believe you. However, when you do that by just specifying the normal password you may damage the hidden volume as it resides in the free space. Luckily you can supply both passwords at the same time, which will open the normal volume but make it aware of the hidden volume so you cannot damage it. So, whenever you are using the normal volume to make it look used, enter both passwords (one in each field at the password prompt, and order doesn't matter).</p>
+
+<p> Naturally, you will also be asked for an additional password for the hidden volume, and as always you should choose a good, strong password. However, for the normal volume you can choose may choose a weaker password that's easier to remember &ndash; it only needs to be good enough to fool the authoroties that it is the real password. But remember to <b>never</b> give the hidden password to anyone else, or even mention to anybody that you are using a hidden volume or have two passwords.</p>
+
+
 <h3><a name="cold"></a>Protection against cold boot attacks</h3>
 
 <p>What happens if the police knocks on your door when you are running __INCOGNITO__? This is a tough one to deal with, and there is not that much that can be done actually. If you are really unlucky they have brought with them freeze spray and other equipment which can be used to mount a <a href="http://en.wikipedia.org/wiki/Cold_boot_attack">cold boot attack</a>. This is done in order to get the contents of your RAM. Due to how modern computing works, basically everything that you have been doing for a good whike is stored in the RAM, so all information &ndash; including passwords, encryption keys and the secret plans you wrote in a text editor but then erased &ndash; may be stored in it in plain text. The more resent the activity, the more likely it is that it is still in the RAM.</p>
 
-<p>RAM is usually considered to be extremely volatile, meaning that the data it stores starts to disintegrate rapidly once power is removed. However, it has been shown that the data might be recoverable for seconds or even minutes after this happens, and apparently freeze spray can be used to increase that period significantly. Once the power is restored the RAM state will keep getting refreshed, so if the power supply is portable the removed RAM modules' contents are in the hands of the attacker. Alternatively the computer can simply be reset (i.e. switched off and back on quickly), which barely even affects the power. Then a tiny LiveCD system is loaded with the ability to dump the RAM to some writeable media. In both cases the RAM contents can be analysed in a computer forensics laboratory which might turn into a major disaster depending on what they find.</p>
+<p>RAM is usually considered to be extremely volatile, meaning that the data itstores starts to disintegrate rapidly once power is removed. However, it has been shown that the data might be recoverable for seconds or even minutes after this happens, and apparently freeze spray can be used to increase that period significantly. Once the power is restored the RAM state will keep getting refreshed, so if the power supply is portable the removed RAM modules' contents are in the hands of the attacker. Alternatively the computer can simply be reset (i.e. switched off and back on quickly), which barely even affects the power. Then a tiny LiveCD system is loaded with the ability to dump the RAM to some writeable media. In both cases the RAM contents can be analysed in a computer forensics laboratory which might turn into a major disaster depending on what they find.</p>
 
-<p>So, what should you do when you hear them knocking? You should calmly make a clean shut-down of __INCOGNITO__ using the &quot;Log out&quot; option in the K menu, then selecting &quot;Turn off computer&quot; in the window that appears. Then you wait, possibly trying to buy valuable time by barricading your door. The reason for this is that one of the last things __INCOGNITO__ does before shutting down completely is filling the RAM with random junk, thus erasing everything that was stored there before. Unfortunately this might take a couple of minutes depending on the speed of your processor and the amount of RAM installed, so while this clearly is not a perfect solution it seems it might be the best thing to do.</p>
+<p>So, what should you do when you hear them knocking? You should calmly make a clean shut-down of __INCOGNITO__ using the &quot;Log out&quot; option in the K menu, then selecting &quot;Turn off computer&quot; in the window that appears. Then you wait, possibly trying to buy valuable time by barricading your door. There are two reasons for this:<p>
 
-<p>In general this is of equal concern to both CD and USB users, but there is one exception. If you run from USB and use an encrypted home partition you are not safe any longer. The key will be stored in RAM if you did not have time to shut-down __INCOGNITO__ cleanly. As such, a cold boot attack against a system with mounted encrypted partitions is very severe as it likely gives the attackers access to all data stored on them.</p>
+<ol>
+  <li>If you are using an encrypted persistent home partition, the master encryption key will be cleared from RAM, preventing the intruders from getting it.</li>
+  <li>One of the last things __INCOGNITO__ does before shutting down completely is filling the RAM with random junk, thus erasing everything that was stored there before. Unfortunately this might take a couple of minutes depending on the speed of your processor and the amount of RAM installed, so while this clearly is not a perfect solution it seems it might be the best thing to do.</li>
+</ol>
 
 <p>As far as the authors know cold boot attacks are not standard procedure within law enforcements and similar organisations anywhere in the world yet, but it might still be good to be prepared and stay on the safe side.</p>
 
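Review bot: The rewritten cold boot paragraph ends with an opening <p> where the closing </p> is meant ('There are two reasons for this:<p>'), leaving the paragraph unclosed right before the new list. The new Size section states a 4 GB maximum while create-homevol in this commit clamps MAX_SIZE to 2047, so users are told a limit the wizard does not offer. The removed paragraph also carried the warning that a mounted encrypted home leaves the key in RAM when there was no time for a clean shutdown; the new list only covers the clean shutdown case, so that caveat should be kept. Typos in the added lines: 'shouöd', 'dangerious', 'encryption i highly', 'sometomes', 'authoroties', 'can choose may choose', 'users's', and 'itstores', which was correct before this change.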


