Re: [Tails-dev] [tor-talk] USB Sticks for TAILS

Delete this message

Reply to this message
Autore: intrigeri
Data:  
To: tor-talk, tails-dev
Oggetto: Re: [Tails-dev] [tor-talk] USB Sticks for TAILS
Hi,

(Adding Tails folks into the loop; the thing is not called TAILS more
than Tor is called TOR, by the way :)

I thought I would just drop some notes so that anyone interested is
aware of issues that shall be taken into account (#1 below) and solved
on the long term (#2 below) when considering mass-duplication of Tails
USB sticks.

1. There is currently no way to verify the integrity and authenticity
of a pre-installed Tails, and I don't think it will get any better
in the future: in my understanding of the chicken'n'egg theory,
there is no easier way to bootstrap a trust path to a pre-installed
Tails thumb drive, than to bootstrap a trust path to a downloaded
ISO image. If we wrote software that allows one to verify a Tails
thumb drive from another, running and trusted Tails system, then
the usecase we're adressing could as well be solved by just cloning
the trusted one to the other thumb drive, right? I still see how it
could be useful to write such a piece of software, but I'm unsure
the energy needed is worth it, once the most obvious potential
usecase has been debunked.

2. It will be hard to scale mass-duplication of pre-installed Tails
   USB sticks once we have thrown some new spicy security improvements
   into Tails-users land. The easiest way we've found to give the
   persistent volume some plausible deniability properties is to
   create it by default at installation time
   (https://labs.riseup.net/code/issues/5929). The need behind this
   technical solution is often expressed to us, and we want to satisfy
   it. For this to add any security, every created persistent volume
   must have different key material. In this context:
     * Selling handmade Tails works fine, and could be scripted with
       a carefully crafted liveusb-creator command-line run in a loop.
     * The only ways I can think of to have this scale beyond 100%
       handmade installation feel kludgy, and it may not be trivial to
       ensure the result still offers plausible deniability (I'm
       thinking of using a USB duplicator, and then post-process the
       cloned thumb drives to replace the encrypted key, in the used
       LUKS slot, with other random data).


Still, as far as 30C3 is concerned, it's totally fine to bring
a hundred pre-installed Tails 0.22 sticks, and I'm very happy you are
planning to do so — please just make sure they're installed in
a supported, compatible with the persistence feature, way :)

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc