Torpark 1.5.0.6 Pre-release
Arrakistor
arrakistor at gmail.com
Sat Aug 5 22:33:46 UTC 2006
Anothony,
Another possibility... that it runs from an encrypted container.
However this may require device drivers and administrative access. If
only there was a way to shift a program and files entirely to memory,
without the need to create a virtual drive or have admin access.
What algo? Probably a fast random scramble or guttman, 7+ passes. But
considering the space will be about 24MB, x 7, = 168MB of writing. How
fast can a USB 1.0 drive write?
Where is might store firefox data? Not too big a deal. Firefox itself
is innocuous. No actual files are stored to the local drive because of
Torpark, unless you count the swap for memory usage.
Will they click the button without realizing the consequence? I
imagine they will, once. I could make it where it is a hotkey
combination.
Regards,
Arrakistor
Saturday, August 5, 2006, 4:58:56 PM, you wrote:
> Hi Arrakistor,
> --- Arrakistor <arrakistor at gmail.com> wrote:
>> UPX works well on some of the files, not
>> so hot on others.
> Agreed. UPX does not play well with some .exe's and
> .dll's.
> I have noticed that after UPXing firefox (all files
> not just firefox.exe) and using the find text feature
[...Edit >> Find in this page...] firefox will freeze
> and require a re-start. I noticed this on v.1.5 but I
> havn't tested it on later versions. Note that I
> haven't tested it with the portable versions of
> Firefox, just the full program.
>> I haven't spoken much about it, but does anyone
>> think a self-destruct button on Torpark would be
>> worthwhile?
> Personally I don't think it's needed or especially
> effective...Here are some issues worth concidering:
> 1.
> What OS an end-user runs. If they use Windows (for
> example) it _may_ be useless as there are countless
> places Windows can place Firefox evidence (eg. Swap,
> free-space, etc, etc).
> 2.
> What shredding algo you use. Dod (7 random passes) is
> IMO the best option with today's modern hardware
> (Guttmann algo doesn't offer increased security vs.
> Dod). Please see the epilogue to Peter Guttmann's
> paper "Secure Deletion of Data from Magnetic and
> Solid-State Memory"
> <http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html>
> --Relevent info from "Epilogue" to 96' paper--
> "For any modern PRML/EPRML drive, a few passes of
> random scrubbing is the best you can do...A good
> scrubbing with random data will do about as well as
> can be expected".
> 3.
> Will it confuse end-users? Will they click the button
> without realizing it's consequence?
> 4.
> It may be a better option for you to suggest end-users
> only install your app on an encrypted USB. It would
> be faster and more secure to re-encrypt the USB then
> shredding the FF directory.
> Anogeorgeo,
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
More information about the tor-talk
mailing list