Autor: madx Datum: To: tails-dev Betreff: Re: [Tails-dev] Adding KeepassX to Tails Startup; can it be done!
Thanks for the fast reply! Here is my idea:-)
Taking into account the unprecedented actions of the US Government
against Apple Computer. I propose a simple yet effective way to combat
this threat before it happens to Tails and Others!
With todays advancements in computer processor power (farms) and the
speed at which they grow; Non-randomized, small and mid-size passwords
will be susceptible to brute force attacks seamlessly.
Unless a new method of limiting login attempts, complete data wipe,
after said amount of failed attempts and generating a large enough
randomized passphrase are accomplished soon; a password breach will be
eminent.!
With that in mind, I came up with the idea of: “C.L.P.P.S.” ''Chain-Link
Password Protection System”.
With the implementation of a “Chain-Link Password Protection System",
one can defer a brute force attacker.
Any attacker will not know a “chain-link” password is being used unless
they have inside information or the end-user tells them. This can also
be a hidden feature from inside Tails as well.
All attackers, attack the main source, if that source is counteracted
with a hidden secondary or third source first, you give that end-user a
greater advantage of protection.
Now, these several databases should be stored on different media or
located in hidden directories within the system (a minimum of two
databases is obviously needed), subsequently the more databases the
better.
The first “C.L.P.P.S” password should be one the End-user has memorized.
From there they can either open the tails persistent volume or they can
open a second C.L.P.P.S Database. From there the password that opens
the persistent volume should be in upwards of ten to twenty thousand
characters.
This along with implementing the full spectrum of ASCII codes will make
governmental brute force attacks virtually impossible. Again, providing
the first C.L.P.P.S and second “C.L.P.P.S” are kept a secret. In order
for the attacker to get in they must have all 3 Passpharses.
One can only provide the tools and inform the end-user of the C.L.P.P.S.
Reminding them always that protection of the first C.L.P.P.S is
paramount and Should be unmounted and hidden at all times except when in
use.
Thank you Tails Team for taking the time out to read my idea.
I would love to hear any feedback on this.
Cheers,
Anthony
MadX
On 2016-02-29 00:22, intrigeri wrote: > Hi Anthony,
>
> madx@??? wrote (28 Feb 2016 21:16:46 GMT) :
>> [...] I would like to start off by saying thanks for making Tails
>> so great!
>
> Thank you :)
>
>> I would like to know if it is at all possible to allow KeepassX to
>> start in a window
>> before the window for the persistent drive?
>
> I see no reason why this would be impossible for technical reasons.
>
>> The Reason is so one could access
>> a Keepassx database on another drive or usb stick to open the
>> persistent drive in
>> tails. This would make the persistent drive super secure; providing
>> they use a large
>> password. I would like to be able to enter a 10000 character password
>> to open my
>> persistent drive :)
>
> Unless I missed something, it would make the persistent volume just as
> secure as whatever protects the content of that other USB stick.
> Presumably, that other USB stick would have a passphrase that the user
> needs to enter manually. And one would need to keep that other USB
> stick physically close enough to their Tails stick, so they can use
> their Tails persistent volume. So I don't quite get what is the actual
> security advantage this would bring. Can you please clarify how, and
> under what circumstances, it would make some attacker's job harder?
>
>> Thanks for reading!
>
> Thanks for sharing!
>
> Cheers,