Tomb/doc/web/views/index.muse

331 lines
12 KiB
Plaintext
Raw Normal View History

2011-01-26 09:10:09 +00:00
#title Tomb - The Crypto Undertaker
#author Jaromil
<contents>
2011-01-26 15:01:53 +00:00
* Tomb - Crypto Undertaker
<class name="logo">
[[images/tomb_n_bats.png]]
</class>
2011-01-26 09:10:09 +00:00
Tomb is a simple tool to manage **encrypted storage** on GNU/Linux, from
the *hashes* of the [[http://dynebolic.org][dyne:bolic]] nesting mechanism.
2011-01-26 09:10:09 +00:00
Tomb aims to be an **100% free** and open source system for easy
2011-01-26 09:10:09 +00:00
encryption and backup of personal files, written in code that is easy
to review and links commonly shared components.
Tomb generates encrypted storage files to be opened and closed using
their associated keyfiles, which are also protected with a password
chosen by the user.
A tomb is like a locked folder that can be safely transported and
hidden in a filesystem; its keys can be kept separate, for instance
keeping the tomb file on your computer harddisk and the key files on a
USB stick.
** Documentation
2011-01-26 09:10:09 +00:00
2011-03-10 11:53:21 +00:00
"*All I know is what the words know, and dead things, and that makes
a handsome little sum, with a beginning and a middle and an end, as
in the well-built phrase and the long sonata of the dead.*"
Samuel Beckett
First of all the usual info you'd expect a software to provide:
- [[README]]
- [[ChangeLog]]
- [[TODO]]
- [[AUTHORS]]
And more below, read on...
2011-03-09 16:51:52 +00:00
*** How does it works
[[images/monmort.png]]
Tombs are operated from a normal file browser or from the commandline.
To open a tomb is sufficient to click on it, or use the command **tomb-open**
When a tomb is open your panel will have a little icon in the tray
reminding you that a tomb is open, offering to explore it or close it.
To make safety copies of your keys, tomb lets you "bury a key" inside
an image (using steganography techniques) and of course "exhume"
buried keys from pictures where they are hidden. Actually it is very
hard to guess when something is hidden inside a picture without
knowing the password used in steganography.
2011-03-10 11:53:21 +00:00
[[images/awesome-shot.png]]
2011-03-09 16:51:52 +00:00
See the [[manual.html][manpage]] for more information on how to operate Tomb from the
text terminal.
<example>
2011-05-26 17:21:09 +00:00
Tomb 1.1 - a strong and gentle undertaker for your secrets
2011-03-09 16:51:52 +00:00
Syntax: tomb [options] command [file] [place]
Commands:
create create a new tomb FILE and its keys
open open an existing tomb FILE on PLACE
2011-05-29 15:22:26 +00:00
list list all open tombs or the one called FILE
close close the open tomb called FILE (or all)
slam close tomb FILE and kill all pids using it
2011-03-09 16:51:52 +00:00
Options:
-s size of the tomb file when creating one (in MB)
-k path to the key to use for opening a tomb
-n don't process the hooks found in tomb
2011-05-29 15:22:26 +00:00
-o mount options used to open (default: rw,noatime,nodev)
2011-03-09 16:51:52 +00:00
-h print this help
-v version information for this tool
-q run quietly without printing informations
-D print debugging information at runtime
</example>
**** More sources of information
Tomb's documentation is being actively written as we speak, you will
find some more informations about it on the wiki found on
[[http://github.com/dyne/Tomb][github.com/dyne/Tomb]] as well on the one on [[http://crypto.is][crypto.is]].
2011-01-26 09:10:09 +00:00
*** Who needs Tomb
2011-03-10 11:53:21 +00:00
"*Democracy requires Privacy as much as Freedom of Expression.*" Anonymous
2011-03-09 16:51:52 +00:00
2011-01-26 09:10:09 +00:00
Our target community are desktop users with no time to click around,
sometimes using old or borrowed computers, operating in places
endangered by conflict where a leak of personal data can be a threat.
2011-03-09 16:51:52 +00:00
If you can't own a laptop then it's possible to go around with a USB
2011-01-26 09:10:09 +00:00
stick and borrow computers, still leaving no trace and keeping your
data safe during transports. Tomb aims to facilitate all this and to
be interoperable across popular GNU/Linux operating systems.
2011-03-09 16:51:52 +00:00
The internet offers plenty of free services, on the wave of the Web2.0
fuzz and the community boom, while all private informations are hosted
on servers owned by global corporations and monopolies.
It is important to keep in mind that no-one else better than *you* can
ensure the privacy of your personal data. Server hosted services and
web integrated technologies gather all data into huge information
pools that are made available to established economical and cultural
regimes.
**This software urges you to reflect on the importance of your
privacy**. World is full of prevarication and political imprisonments,
war rages in several places and media is mainly used for propaganda by
the powers in charge. Some of us face the dangers of being tracked by
oppressors opposing our self definition, independent thinking and
resistance to omologation.
<verse>
"The distinction between what is public and what is private is
becoming more and more blurred with the increasing intrusiveness of
the media and advances in electronic technology. While this
distinction is always the outcome of continuous cultural
negotiation, it continues to be critical, for where nothing is
private, democracy becomes impossible."
(from [[http://www.newschool.edu/centers/socres/privacy/Home.html][Privacy Conference, Social Research, New School University]])
</verse>
2011-01-26 09:10:09 +00:00
*** Aren't there enough encryption tools already?
2011-03-09 16:51:52 +00:00
[[images/foster_privacy.png]]
2011-01-26 09:10:09 +00:00
We've felt the urgency of publishing Tomb for other operating systems
than dyne:bolic since the current situation in personal desktop
encryption is far from optimal.
[[http://en.wikipedia.org/wiki/TrueCrypt][TrueCrypt]] makes use of statically linked libraries so that its code is
hard to audit, plus is [[http://lists.freedesktop.org/archives/distributions/2008-October/000276.html][not considered free]] by free operating system
distributors because of liability reasons, see [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364034][Debian]], [[https://bugs.edge.launchpad.net/ubuntu/+bug/109701][Ubuntu]], [[http://lists.opensuse.org/opensuse-buildservice/2008-10/msg00055.html][Suse]],
[[http://bugs.gentoo.org/show_bug.cgi?id=241650][Gentoo]] and [[https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt][Fedora]].
[[http://tom.noflag.org.uk/cryptkeeper.html][Cryptkeeper]] is the best alternative to Tomb out there and its main
advantage consists in not needing root access on the machine it's
being used. But Cryptkeeper still has drawbacks: it uses [[http://www.arg0.net/encfs][EncFS]] which
implements weaker encryption than dm-crypt and it doesn't promotes the
separated storage of keys.
At last, the [[https://we.riseup.net/debian/automatically-mount-encrypted-home][Encrypted home]] mechanisms on operating systems as Debian
and Ubuntu adopt encryption algorithms as strong as Tomb does, but
they need to be configured when the machine is installed, they cannot
be easily transported and again they don't promote separated storage
of keys.
With Tomb we try to overcome all these limitations providing strong
encryption, encouraging users to separate keys from data and letting
them transport tombs around easily. Also to facilitate auditing and
customization we intend to:
2011-01-26 09:10:09 +00:00
- write short and readable code, linking shared libs
- provide easy to use graphical interfaces and desktop integration
- keep the development process open and distributed using GIT
- distribute Tomb under the GNU General Public License v3
If you believe this is a worthy effort, you are welcome to [[http://dyne.org/donate][support it]].
2011-01-26 09:10:09 +00:00
*** Where do we learn more from
Here below some articles that are useful to understand Tomb more in
detail and to get in touch with the difficult job of a Crypto
Undertaker:
- [[TKS1-draft.pdf][TKS1 - An anti-forensic, two level, and iterated key setup scheme]]
- [[New_methods_in_HD_encryption.pdf][New Methods in Hard Disk Encryption]]
- [[Luks_on_disk_format.pdf][LUKS On-Disk Format Specification]]
- [[LinuxHDEncSettings.txt][Linux hard disk encryption settings]]
2011-01-26 15:01:53 +00:00
2011-01-26 09:10:09 +00:00
** Downloads
For licensing information see the [[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]]
Below a list of formats you can download this application: ready to be
run with some of the interfaces developed, as a library you can use to
build your own application and as source code you can study.
2011-05-26 17:21:09 +00:00
*** Debian and Ubuntu GNU/Linux
Visit our brand new [[http://apt.dyne.org][APT.dyne.org]] repository, there you can tune into
our software channel via an easy to use installer, so you can always
stay up to date with our **freshly brewed software, from the upstream
tap!**
*** Arch GNU/Linux and derivatives
Tomb is [[https://aur.archlinux.org/packages.php?ID=48257][packaged in AUR]], check it out !
*** Source Code
2011-05-26 17:21:09 +00:00
Latest stable release is 1.1 (May 2011), see the [[ftp://ftp.dyne.org/tomb/ChangeLog][ChangeLog]].
Source releases are signed by [[http://jaromil.dyne.org][Jaromil]] using [[http://www.gnupg.org][GnuPG]] and MD5 hashes.
On [[http://ftp.dyne.org/tomb][ftp.dyne.org/tomb]] you can find all present and past Tomb releases,
plus binaries that are occasionally built for various architectures.
The bleeding edge version is developed on [[http://github.com/dyne/Tomb][GitHub/dyne/Tomb]]: you can
clone the repository free and anonymously, as well contribute to
development interacting with us via GitHub (fork, code and then
request a pull).
To compile fresh code out of Git you first have to generate the
auto-tools build environment giving the command:
<example>
autoreconf -i
</example>
and then you can proceed with the usual configure && make mantra, may
the source be with you.
*** App1e/O$X
2011-03-30 11:30:08 +00:00
There are several possibilities of porting Tomb to run on those
expensive and fancy-schmancy toys.
2011-01-26 09:10:09 +00:00
A good plan can be that of using TrueCrypt's version of cryptsetup
which seems to be already ported for the purpose, with a bit of
desktop integration and shell scripting it should be all set,
[[http://dyne.org/contact][let us know]] if you like to join our team on this task.
2011-01-26 09:10:09 +00:00
*** Win$loth
2011-01-26 09:10:09 +00:00
There are rumored plans to port Tomb on Win or at least make it
possible to open tomb files under Win: this could be possible
especially using [[http://www.freeotfe.org][FReeOTFE]] or adding compatibility in [[http://www.sdean12.org/SecureTrayUtil.htm][SecureTrayUtil]]
and contributions are welcome in those directions.
2011-01-26 09:10:09 +00:00
However we strongly **encourage people in need of strong encryption to
not use Winslows**, or at least to not generate encrypted partitions
with it, since it can contain backdoors in the random number
generation, as pointed by Bruce Schneier and Niels Ferguson in this
[[http://www.schneier.com/essay-198.html][short essay about the Dual_EC_DRBG]].
2011-01-26 09:10:09 +00:00
** Development
*** Stage of development
Tomb is an evolution of the 'mknest' tool developed for the [[http://dynebolic.org][dyne:bolic]]
2011-01-26 09:10:09 +00:00
GNU/Linux distribution, which is used by its 'nesting' mechanism to
encrypt the Home directory of users.
As such, it uses well tested and reviewed routines and its shell code
is pretty readable. The name transition from 'mknest' to 'tomb' is
marked by the adaptation of mknest to work on Debian based operating
systems.
At present time Tomb is easy to install and use, it mainly consists of
a Shell script and some auxiliary C code for desktop integration
(GTK), making use of GNU tools and the cryptographic API of the Linux
kernel.
*** People involved
[[images/tomb_crew_hkm11.jpg]]
Tomb is designed and written by [[http://jaromil.dyne.org][Jaromil]].
2011-02-03 22:38:21 +00:00
Tomb's artwork is contributed by [[http://monmort.blogspot.com][Món Mort]].
2011-05-29 15:22:26 +00:00
Tomb includes code by Hellekin O. Wolf and Anathema.
Testing and fixes are contributed by Dreamer, Shining, Mancausoft,
Asbesto and Boyska.
2011-03-30 11:30:08 +00:00
Most research we refer to is documented by Clemens Fruhwirth who also
developed Cryptsetup together with Christophe Saout.
2011-01-26 09:10:09 +00:00
Here below a cheerful picture of Tomb's developers meeting at the
[[http://http://hackmeeting.org][hackmeeting]] 2011 in Firenze...
2011-01-26 09:10:09 +00:00
*** How can you help
Code is pretty short and readable: start looking around it and the
materials found in doc/ which are good pointers at security measures
to be further implemented.
Have a look in the TODO file to see what our plans are.
At the moment we can use some good help in porting this tool on
M$/Windows and Apple/OSX, still keeping the minimal approach we all
love: write short code and make it readable.
Please report any issue you encounter on [[http://github.com/dyne/Tomb][github.com/dyne/Tomb]]
Get in touch with developers via mail using this web page
[[http://dyne.org/contact][dyne.org/contact]] or via chat on [[http://irc.dyne.org][irc.dyne.org]] channel #tomb
We do have a mailinglist too, but its in Italian language, just
contact us if you like to subscribe.