Silk Road forums

Discussion => Newbie discussion => Topic started by: ingloriouslibertine on July 12, 2013, 10:02 am

Title: My 50th post: Navigating the Roaed Safely - Anonimity Tutorial for Newbies
Post by: ingloriouslibertine on July 12, 2013, 10:02 am
Ing's Quick-Start Mini Guide to Encryption – Windows Host (Work in Progress)

Hey all, thought I'd do something special for my 50th post (other than venture forth into the real forums, that is) and I figure a mini “getting started with encryption" guide would be a good place to start. This guide will be written for a Windows host machine, with a debian linux guide to follow.  Personally I use Linux, but I'm starting with a Windows walkthrough since I'm assuming thats what most users who would need this guide are going to be working with.  This guide should be applicable to any Windows versions, with slight (and obvious) differences in procedure.

What this guide entails

This guide will provide a step by step walkthrough illustrating how to properly set up and work within a multi-level encrypted and hidden linux virtual machine, which will run simultaneously on 2 different VM volumes.  One VM acts as the “workstation” while the other acts as a “gateway”, thereby providing another layer of security between your main linux OS and the scary, scary world outside.

What this guide assumes you know

I assume that anyone reading this guide, having been able to get TOR up and running in the first place, is going to be familiar with basic to intermediate computing terms and operations.  If VM's and gateways had you lost above that's no problem as we'll be exploring each piece of software and what it contributes to our overall security, but I won't be explaining what a driver is or going over the basics of Linux. Whonix is based on Debian linux, the same distro that spawned the likes of Ubuntu and Mint.  As some of the most popular distros around all run Debian, you have a lot of reference material at your disposal.  Besides, Linux has been steadily gaining ground for the last two decades but is now starting to enter the mainstream.  Now is a good of a time as any to check it out.


What this guide will show you

I aim to make this guide a full-fledged, veritable paranoid-schizophrenic-tin-foil-hat-wearing-SR-user's wet dream of a security and anonymity. For now:

Virtualbox – Hardware virtualization program that allows us to run our VM – Virtual Machines that will run an OS of our choice inside a “virtual” environment. Think of it a computer within a computer; for all intents and purposes, our virtual machine is its own separate entity.  I enjoy using VMs over secondary drives or USB live installations not only because it allows us to switch rapidly between OS' s without having to power down our “host” machine -the Windows PC we're running VB on- but also because it allows us to have a wide array of completely different systems at our disposal without looking like we do.  We will be using VB to allow us to run:

Whonix – By far my favorite linux distro for all things cryptography.  I'll switch between Kali, Tails, and Ubuntu depending on what I'm up to at the moment, but if I'm running Tor, I'm working in Whonix.  This amazing little OS comes as two .iso's meant to be run in tandem within Virtualbox...the linux distro itself acts as the “workstation” while there's a seperate text-only command console that acts as a “gateway” - just like the router you're connected to now but with added levels of security.  With minimal customization, this work of cryptographic art comes loaded with damn near everything you'll need to commit whatever debaucherous acts have brought you to the darknets.  A list of the most useful pre-configured software included with Whonix is at the end of this section.

Keepass – A random password generator which utilizes one master password to access a securely encrypted database containing a unique, randomly generated password for every webservice we use. 

TrueCrypt – Free, open-source virtual disk encryption software.  Creates virtual disks that, once unencrypted, can be accessed and written to like ordinary hard-drives.  Once unmounted these virtual disks are inaccessible,  hidden amongst innocuous files scattered around our hard-drive.  That makes TC our the first layer of stealth, hiding the very existence of our nefarious setup.  Can also be used to secure USB drives, partitiions, and/or entire drives with various government level encryption schemes.


Software packages included in Whonix:
------------------------------------------------
Always-on TOR and ARM anonymizing all out-going connections
TorBrowser, TorChat
Pidgin instant messanger, supporting end-end encryption
Xchat IRC client
Hidden service hosting capabilities
Webmail, Thunderbird, and TorBirdy e-mail clients
BTC wallet
Metadata scrubber
OpenPGP, Kgpg

and of course the standard: text editor, media player, image viewer, etc. 

Getting Started: Installing TrueCrypt
http://www.truecrypt.org/

I'm going to assume anyone reading can handle the installation, so lets jump right in.  There are a few ways to configure Truecrypt that will meet our needs, but this is the method I prefer.  TC is a fairly in depth program with a lot of little nuances if you like to tinker, but here I'm going to outline a basic, all-purpose first volume.

After starting TC, click “Create volume” --->””Create an encrypted file container”.  Choose Standard Truecrypt Volume.  Pick where you'll want to store the container...we can always move it later.  I wouldn't mess with the default hash/encryption settings..there's really no need to.  When it comes to volume size, choose whatever you think you might need.  At the next screen you'll select your password, and you should obviously make sure it's a strong one.  I use a windows version of Keepass to create mine, but if you don't want to mess with the key progs just make sure your passphrase has different punctuation, numbers, and symbols. Select “I will store files larger than....” and then your corresponding filesystem type that matches your OS.  When asked about cross-platform support, go with “I will mount the volume only on [OS]”, meaning that this particular volume will not be able to be accessed on any other PC than the one you're on now.  All that's left is to select the file that you're going to “hide” this volume in.  Pick somewhere randomish (a usb key works great for this)and make note of where it is. On to VB..

Getting Started 2: Installing Virtualbox
https://www.virtualbox.org/

VB isn't too hard to install or use, but if you've never played around with VM programs before it might take some getting used to.  A good idea might be to make a test install using an operating system that you're aleady familiar with in order to get a feel for how Vbox operates.  Not going to go into too much detail here, refer to the documentation on their website if needed.

Getting Started 3: Installing Whonix
http://sourceforge.net/projects/whonix/

If you took my advice and set up a virtual machine of your own real quick, you'll soon see that we're going to be setting Whonix up entirely differently.  We're going to be downloading whonix-0.5.6 for this guide, and make sure you download both the workstation and gateway .ova files.

We'll start by going to file ---> Import Appliance.  When the wizard opens up, select choose, and then click next.  Click Import and that's it.  Repeat the process with the other appliance, and then go back to the Virtualbox main window.  Select Whonix-Gateway and click start.  After the gateway starts up click back to the main windows and start up the Wokstation as well.  Here we go!

The default username is “user” and password will be “changeme”.  In order to change the default username/password, you're going to have to jump into the command line.

Whonix is based on Debian linux (same distro as Ubuntu and several other of the more popular linux variants), so there's a good chance you may have worked on a similar OS before. I said in the beginning I'm not going to be giving a Linux primer, but I've included some links at the end of the guide that will give new users a good starting point.  The documentation on the Whonix sourceforge is very helpful as well. 


-------------------------------------------------------------------------------------------
Keepass is very simple and straightforward, so I’ll end this mini how-to here.  I plan to keep this guide updated and add more of the tools I use for my own set up...As I update the guide it will eventually get into PgP options, securing email/irc/im communications, choosing and configuring additional VPNs and Proxy services, and more.

Feel free to send me any questions you might have about the software listed above or cryptography/privacy/anonymity in general.  Now that I’m a full member of the forums I’d like to try to contribute as much info as I take.   Being new to the road, I’m best suited to answer questions regarding privacy, anonymity, linux, and the like.  Also contributions feel free to contribute...send me any  suggestions, feedback, programs, websites, or other resources to include, etc....any suggestions to make this guide more comprehensive and informative are more than welcome.

Thanks for everything newbie forum, Im off!

-Ing
Title: Re: My 50th post: Navigating the Roaed Safely - Anonimity Tutorial for Newbies
Post by: bouclelan on July 18, 2013, 09:23 pm
^^ Thanks for that, nice stuff!
Title: Re: My 50th post: Navigating the Roaed Safely - Anonimity Tutorial for Newbies
Post by: keysoflight on July 18, 2013, 09:32 pm
Rockin'!