OpenPDroid

TAILS&BitmessageLiberte&CablesVSLiberte vs Tails

Libert LinuxHardened, Gentoo-based, LiveUSB/CD, Linux distroFully(ish) anonymized Similar in goal to TAILSDesigned for Anon specifically Run by Maxim Kammerer (he is Crazy)Uses Tor AND I2P

Features that make it different than TAILSAnti-forensic memory erase on boot media extraction Aimed to cold boot attacksOTFE container using LUKSCollect clock setting via Tor consensusMakes sure that clock settings are not in the clearHes very proud of thisI2p communication over Tor so that it can traverse firewalls betterFeatures that make it different than TAILSMac address randomizationCustom consistent HTTP headersDefends against browser fingerprintingHarsher iptables rulesGrsecurity for inter-process securityThe Big FeaturesThe first Linux distro that uses UEFISecure bootHardware based verification of the operating systemIf something new is on the system (malware) it wont bootDoes not allow you to install ANY softwareForces a specific resolutionCables CommunicationCustom written P2P message exchangeTAILS

TAILS LinuxDebian based, LiveUSB/CD, Linux distroFully(ish) anonymized Similar in goal to LiberteDesigned for the everymanRun by Baum with the support of the Tor ProjectUses just Tor for anonymity (but has i2p installed)

Features that Make It Different Than LiberteRegular updatesNew versions are put out due to security issues or active development at least once a monthYou can apt-get upgrade whenever you wantUses standard LUKS for persistence and supports TrueCryptContains a meta-data stripping tool MATUses Iceweasel (eventually TorBrowser) instead of janky Epiphany

The Big FeaturesDocumentation and SupportUnlike liberte that hasnt been updated since 2012New releases every monthMonetarily supported by Tor ProjectHas a roadmap!Has complete, up to date documentation, in many languagesCan temporarily install any softwareOr manually build from source and install your own software

Tails QuirksNo lock screen, no screen saverEven if you install a screensaver, there are other tty terminals that let you just log inPersistent Media is only USBThat means virtualization products wont be able to make a consistent partionCables: TL;DRA secure, peer-to-peer based message exchange Aims to be a decentralized eMail replacementNot really good as instant messaging (See bitmessage)Antitree presents:

A Mouthful of CryptoAn animated explanation of the Cables Address generation process

OR

The revolution starts at 3pm when I get home from school. Meet me at the Starbucks!

Generate a 8192 bit x.509 keyGenerate a SHA1 hash of that keyThis is your cables usernamegb24hw2hpihnj2eftkuz42fvp3l3nsoc Create a Tor hidden service5rfvhdhbw7z4dcw6.onionThis is your domain name@

Transport MechanismThis is P2P so how does it exchange messages?Via HTTP requestsThe .onion service hosts a web interfacehttp://localhost:9080/{userid}

Crypto BitsX.509 8192 bit certificate (ca.cer)Signing key generated from ca.cerDiffie-Hellman session key exchange for transport securityCryptographic Message Syntax (CMS) for the format of messageCustom wrapper that lets you use Claws-Mail

INTERWEBzExitGuard/EntryMiddle

SECURITY!!1!Tor provides secure end to end encryption beween .onion hidden servicesWaitDiffie-Helman is a secure temporal key exchangeUsed in this case to provide transport securityIt provides a key exchange ON TOP of the hidden service transport mechanismDiffie Hellman

BUT WHY??Why is Maxim adding a transport security mechanism on top of Tor?Answer: Because he didnt think Tor hidden services had enough cryptoSHA1 deprecatedAES128 deprecatedRSA-1024 deprecatedTors hidden services are not secure enough

ReviewRSA 8192 x509 based secure message exchangeUses HTTP requests over onion services to connectSecurity on top of your securityJanky web servicePopularityNo one uses thisI think one of the reasons is the awkwardness of the name CablesAlthough its inherently more anonymous than BitMessage, who cares because no one uses itBitmessage (actual logo)

BitmessageSecure, P2P based messagingSimilar to mixmaster style anonymity model(plausible deniability)If bitcoin had a baby with email it would be BitmessageYou can only decrypt messages sent to your public key

P2P

Message EncryptionElliptic Curve Integrated Encryption SchemeElliptic Curve Diffie Hellman (ECDH) to generate a shared secretAES256-CBC (PKCS#7)Key-derivation-function using SHA512HMACSHA256Proof Of WorkPOWIn order to send a message, you have to compute somethingSupposed to help mitigate spam because each message requires

Cryptopayload = time + streamnumber + encryptedtarget = 2^64 / ((length of the payload in bytes + payloadLengthExtraBytes + 8) * averageProofOfWorkNonceTrialsPerByte)initialHash = sha512(payload)while trialValue > target: nonce = nonce + 1 resultHash = sha512(sha512( nonce + initialHash)) trialValue = int(resulthash[:8])Output: trialValueVerificationThe client receives the message and verifies that it has done enough work to send it to youThe goal is that for each person you send to, you have to send a POWWhen you send to 100 people, it may take 3 hoursYou can adjust the required POW to send to youProtocol EncryptionIts like some crazy bitcoin P2P networkSeems really complicatedI just dont fucking knowhttps://bitmessage.org/wiki/Protocol_specification

Bit Message PopularityBitMessage is the most popular messaging exchange by farDeepweb users like this as their favoriteRemember they are all using the same exact client and software and network to do this exchangewww.reddit.com/r/bitmessageSummaryLiberte: Cutting edge but full of the jankTAILS: Annoying but the bestCables: Why are we even talking about it?BitMessage: The most popular one, so it doesnt matter how secure it isdial-up sound, track 12009Blues27120.0XXX - ID3v1 Commentwww.dvdvideosoft.com