[tor-talk] USB Sticks for TAILS

intrigeri intrigeri at boum.org
Fri Nov 15 14:31:09 UTC 2013


(Adding Tails folks into the loop; the thing is not called TAILS more
than Tor is called TOR, by the way :)

I thought I would just drop some notes so that anyone interested is
aware of issues that shall be taken into account (#1 below) and solved
on the long term (#2 below) when considering mass-duplication of Tails
USB sticks.

1. There is currently no way to verify the integrity and authenticity
   of a pre-installed Tails, and I don't think it will get any better
   in the future: in my understanding of the chicken'n'egg theory,
   there is no easier way to bootstrap a trust path to a pre-installed
   Tails thumb drive, than to bootstrap a trust path to a downloaded
   ISO image. If we wrote software that allows one to verify a Tails
   thumb drive from another, running and trusted Tails system, then
   the usecase we're adressing could as well be solved by just cloning
   the trusted one to the other thumb drive, right? I still see how it
   could be useful to write such a piece of software, but I'm unsure
   the energy needed is worth it, once the most obvious potential
   usecase has been debunked.

2. It will be hard to scale mass-duplication of pre-installed Tails
   USB sticks once we have thrown some new spicy security improvements
   into Tails-users land. The easiest way we've found to give the
   persistent volume some plausible deniability properties is to
   create it by default at installation time
   (https://labs.riseup.net/code/issues/5929). The need behind this
   technical solution is often expressed to us, and we want to satisfy
   it. For this to add any security, every created persistent volume
   must have different key material. In this context:
     * Selling handmade Tails works fine, and could be scripted with
       a carefully crafted liveusb-creator command-line run in a loop.
     * The only ways I can think of to have this scale beyond 100%
       handmade installation feel kludgy, and it may not be trivial to
       ensure the result still offers plausible deniability (I'm
       thinking of using a USB duplicator, and then post-process the
       cloned thumb drives to replace the encrypted key, in the used
       LUKS slot, with other random data).

Still, as far as 30C3 is concerned, it's totally fine to bring
a hundred pre-installed Tails 0.22 sticks, and I'm very happy you are
planning to do so — please just make sure they're installed in
a supported, compatible with the persistence feature, way :)

  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

More information about the tor-talk mailing list