Torpark 1.5.0.6 Pre-release

Arrakistor arrakistor at gmail.com
Sat Aug 5 22:33:46 UTC 2006


Anothony,

Another  possibility...  that  it  runs  from  an encrypted container.
However  this may require device drivers and administrative access. If
only  there was a way to shift a program and files entirely to memory,
without the need to create a virtual drive or have admin access.

What  algo? Probably a fast random scramble or guttman, 7+ passes. But
considering the space will be about 24MB, x 7, = 168MB of writing. How
fast can a USB 1.0 drive write?

Where  is might store firefox data? Not too big a deal. Firefox itself
is innocuous. No actual files are stored to the local drive because of
Torpark, unless you count the swap for memory usage.

Will  they  click  the  button  without  realizing  the consequence? I
imagine  they  will,  once.  I  could  make  it  where  it is a hotkey
combination.



Regards,
 Arrakistor

Saturday, August 5, 2006, 4:58:56 PM, you wrote:

> Hi Arrakistor,

> --- Arrakistor <arrakistor at gmail.com> wrote:

>> UPX  works  well  on some of the files, not 
>> so hot on others.

> Agreed.  UPX does not play well with some .exe's and
> .dll's.  

> I have noticed that after  UPXing firefox (all files
> not just firefox.exe) and using the find text feature
[...Edit >> Find in this page...] firefox will freeze
> and require a re-start.  I noticed this on v.1.5 but I
> havn't tested it on later versions.  Note that I
> haven't tested it with the portable versions of
> Firefox, just the full program.

>> I  haven't spoken much about it, but does anyone
>> think a self-destruct button on Torpark would be
>> worthwhile? 

> Personally I don't think it's needed or especially
> effective...Here are some issues worth concidering:

> 1.
> What OS an end-user runs.  If they use Windows (for
> example) it _may_ be useless as there are countless
> places Windows can place Firefox evidence (eg. Swap,
> free-space, etc, etc).

> 2.
> What shredding algo you use.  Dod (7 random passes) is
> IMO the best option with today's modern hardware
> (Guttmann algo doesn't offer increased security vs.
> Dod).  Please see the epilogue to Peter Guttmann's
> paper "Secure Deletion of Data from Magnetic and
> Solid-State Memory"
> <http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html>

> --Relevent info from "Epilogue" to 96' paper--
> "For any modern PRML/EPRML drive, a few passes of
> random scrubbing is the best you can do...A good
> scrubbing with random data will do about as well as
> can be expected".

> 3.
> Will it confuse end-users?  Will they click the button
> without realizing it's consequence?  

> 4. 
> It may be a better option for you to suggest end-users
> only install your app on an encrypted USB.  It would
> be faster and more secure to re-encrypt the USB then
> shredding the FF directory.

> Anogeorgeo,



> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 



More information about the tor-talk mailing list