You look at a map of interesting roads, maybe look at satellite imagery of the area if you're not at all familiar with it, and take your 4x4 out for a drive.
Go slow, keep your eyes open, and you'll probably see a spot which looks perfect to camp at in no time.
I liked the Nexus 4 form factor as well. I've bounced around to larger phones, including the Nexus 6, Pixel and Pixel 2... but I recently went back to a Sony device (XZ1 compact) because it:
(1) Has a headphone jack
(2) Has the same processor as my Pixel 2
(3) Is actually a usable size (roughly the same as the Nexus 4)
I have giant hands and large pockets available but will always prefer a smaller phone.
For a wireless-focused distro, there's also pentoo[1].
I prefer customizing a general purpose distribution to my own liking vs. using a dedicated "hacking" distro, so maybe I'll always miss it but: what's the point of this? The author concludes their review with the following:
> Bottom line, an SDR toolset is a must have tool for both the hacker looking to penetrate targets and for the security conscious sysadmin who performs their own security audits.
But, as I see it, they undermine this point in the paragraph immediately preceding it:
> The only drawback is the lack of classic WiFi hacking tools (aircrack, reaver, wifite, kismet, …) that would allow us to have a definitive workstation to own all of the airwaves.
The tools which are highlighted to make SigintOS stand out against something like pentoo (easy-button IMSI catcher, GPS spoofing) seem significantly less useful for 99% of engagements than something that makes dealing with WiFi "easy." I'd love to know the application of these things in engagements if anyone has feedback. Are they cool? Sure! Whether they're generally useful is less clear.
md5sum is going to limit your generated passwords to 128-bits because you're limited to 32 hexadecimal digits, which are each represented by 4 bits. [a-z][A-Z][0-9] can be represented by ~6 bits, so 32 characters would allow for 190 bits of entropy.
I use a combination of password and key file so that I can worry less about someone shoulder surfing or otherwise observing the input of my password.
My password database is stored on a USB key that I carry with me, with a regular copy made and securely stored.
Key file is stored on devices I use, in a directory restricted to my own access and on a drive which is encrypted. An encrypted copy is also stored on the USB key with the password database; this can be decrypted using a GPG, key stored on a yubikey and also carried; if a device can be trusted enough, this is how I move the key file around.
Access to the database requires 3 things rather than two. A long passphrase could be recorded by an observer, who could then take my USB key. The key file ensures that they still do not have all that they need.
Go slow, keep your eyes open, and you'll probably see a spot which looks perfect to camp at in no time.