As for those people that can't afford to use dedicated hardware, there is still the less secure idea of having the key stored on a floppy that would be inserted at load time and read into memory. This would have the obvious disadvantage of having the key sitting around in memory, a sitting duck (especially for people who leave their systems on all of the time, like me, as soon and the Nazis learned about systems like these then 'Run a key scanning program on the system to be confiscated' would just become step one in their procedure, would be a hole even if the keys were password protected) but it would be better than nothing at all, and the speed problems could be dealt with by using the multiple partition method that I described earlier, having a 'secure' virtual disk where all of your data goes, and a seperate 'fast' virtual disk which is unencrypted where all of your programs and such go.
Hmmm... I have a suggestion to make keeping the key in memory a little more safe, though I don't think there is way to prevent a properly resourced person/agency/enemy from getting it (or any other data in the RAM of the computer). You first need a machine which has a supervisor state, which *only* the OS can run in. Your cryptostacker will be part of the OS and as such, user processes cannot access its memory. This way, the attacking agency will have difficulty just running any old program to copy all of the CPU's memory to a disk. The only way to add new programs to the supervisor state (OS) would be if the machine is power up in a special way (with a certian boot disk for example) so that once the machine is running there is *no* software method to read any OS data. You would also want to avoid storing the crypto key at a fixed memory location. Allocate some memory at a variable location at each startup and store this location *only* in a register. This should make it even more difficult to get the key, because you would need to be able to check the supervisor stack to find the right register to find the location of the key. This raises the question of just how much work an agency goes through when it is first confiscating a machine to ensure that they can get at all the machines data. If the first thing they do is turn the machine off to be able to pack it up, then you are all set. (Assuming you didn't manage to turn it off before you lost control of the machine.) What kinds of things can you do to your home machine to make more tamper proof? If you have an "easy access" case, how about installing a micro switch that will reset the machine (or power cycle the system) when its opened. --- Nick MacDonald | NMD on IRC i6t4@jupiter.sun.csd.unb.ca | PGP 2.1 Public key available via finger