Delivery-Date: Sat, 15 Aug 2015 02:16:43 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 0BA521E0D0D;
	Sat, 15 Aug 2015 02:16:42 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 01ACC35328;
	Sat, 15 Aug 2015 06:16:35 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 5F58934A87
 for <tor-talk@lists.torproject.org>; Sat, 15 Aug 2015 06:16:31 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id tUQoo63zM3oI for <tor-talk@lists.torproject.org>;
 Sat, 15 Aug 2015 06:16:31 +0000 (UTC)
Received: from vincent.hireahit.com (vincent.hireahit.com [23.19.120.58])
 by eugeni.torproject.org (Postfix) with ESMTP id 466BB23952
 for <tor-talk@lists.torproject.org>; Sat, 15 Aug 2015 06:16:31 +0000 (UTC)
X-Greylist: delayed 311 seconds by postgrey-1.34 at eugeni;
 Sat, 15 Aug 2015 06:16:31 UTC
Received: from VINCENT.hireahit.com by hireahit.com (vincent.hireahit.com)
 (SecurityGateway 3.0.2) with ESMTP id SG002302550.MSG 
 for <tor-talk@lists.torproject.org>; Fri, 14 Aug 2015 23:11:17 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=hireahit.com;
 s=MD-20140321; t=1439619073; x=1440223873; q=dns/txt; h=Message-ID:
 Date:From:User-Agent:MIME-Version:To:Subject:References:
 In-Reply-To:Content-Type:Content-Transfer-Encoding; bh=EQJGfoyS0
 luAy65ctiqkJ79Ji+AzMzatqRp75ODvdRY=; b=VHdEdKGbXVXvbrFxldiJv7Y76
 hsdz18J6ZkJwilUJT8ZOSNixuwT2GiiaN+mJYSWToZKmo1woBuX4+crLlc474z7f
 yE5Yt0yiocsNBp1ISLYpmdZnuFwyYiiSIscILmHDVv8rXlASgbWHMqKHIHR/wQaR
 4ihvkSuZtuPsC0NheA=
Received: from [x.x.x.x] ([184.68.44.226])
 by VINCENT.hireahit.com ([23.19.120.58])
 (Cipher TLSv1.2:AES-SHA:256) (MDaemon PRO v15.0.3) 
 with ESMTPSA id 65-md50000023048.msg for <tor-talk@lists.torproject.org>;
 Fri, 14 Aug 2015 23:11:13 -0700
X-MDRemoteIP: 184.68.44.226
X-MDArrival-Date: Fri, 14 Aug 2015 23:11:13 -0700
X-Authenticated-Sender: davew@hireahit.com
X-Return-Path: davew@hireahit.com
X-Envelope-From: davew@hireahit.com
X-MDaemon-Deliver-To: tor-talk@lists.torproject.org
Message-ID: <55CED7FF.2090007@hireahit.com>
Date: Fri, 14 Aug 2015 23:11:11 -0700
From: Dave Warren <davew@hireahit.com>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64;
 rv:25.4) Gecko/20150524 FossaMail/25.1.5
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <55CECC2D.7080605@openmailbox.org>
In-Reply-To: <55CECC2D.7080605@openmailbox.org>
Subject: Re: [tor-talk] Best devices to boot Tails off of?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 2015-08-14 22:20, Qaz wrote:
> Are there flash drives that really work well with Tails? Or does it not
> really matter?

In theory, it shouldn't matter. In practice, well, things are possibly 
more complicated if an attack were targeted at Tails in particular.

> I installed Tails on a Sandisk Cruzer and it seems it
> wouldn't boot or at least show the login screen, just gets stuck with
> the blue and white progress bar. I think I have seen a list of which
> devices will probably work well with Tails but I'm not sure.

At least in theory, most any flash drive should work. But it's dependent 
on the drive, BIOS/UEFI and it's configuration, whether it passes off 
control of the USB drive properly, etc. But most modern hardware should 
handle this just fine; I haven't personally run into a non-bootable USB 
disk or motherboard in quite some time.

But that's not to say you won't, or that your hardware is configured 
appropriately for your media.

> Are DVD-R's
> the safest way to boot Tails off of?

Safest, probably. At least in theory, once you finalize optical media, 
it should be truly read-only, and the worst that could happen is that 
bits could be written (which would corrupt the disk-level checksums, 
destroying the disk)

I wouldn't totally trust flash media to be read-only, even if it has a 
physical switch as these could easily be poorly implemented and allow a 
compromised OS to persist between reboots.

> How do can I further protect my
> Tails installation on a flash drive? Would doing a checksum from another
> OS on my Tails device help ensure it's safeness/integrity?

Yes, you shouldn't trust any checksum or other verification from the 
compromised device itself.

(All "in my opinion",  as a lay-person, I have no specific knowledge of 
Tails specific issues)

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

