Here is an idea for implementing DuressSFS and/or NukeTheData functions on demand with plausible deniability for all (without all your keys, TLA's wouldn't know how many encrypted partitions you had: 1. Doing anything with the encrypted file system requires 2 keys. 2. The first key decrypts the FAT (the FAT info is always written to the disk encrypted) and an encrypted control sector, which is cylinder 0, head 0, sector JustAfterTheMBRAndPartionTable. This control sector is divided into 16 32-byte (256-bit) fields or records. 3. If a hash of the key entered matches the undecrypted contents of record 0, (bytes 0-31) the EFS enters an infinite whole-drive encryption loop, using a hash of the key provided and any handy entropy, to produce a new key. The EFS will produce new keys as frequently as possible by hashing any entropy it can gather while nuking the data on the drive. While this is happening, dummy messages should be displayed, such as "Starting Windows 95...", "An exception has ocurred at XXXX:XXXXXXXX Press any key to continue." (when the entropy stock needs replenishment) or any other reasonably common startup messages. (NukeTheData) (TM) 4. If the first key is not the NukeTheData key, the EFS prompts for a second key. 5. After receiving the second key, the EFS hashes it and compares the hash to the data in the control sector records, and mounts any encrypted logical drive(s) with matching key hashes. 6. If an incorrect second key is entered X times(X between 3 and 20), (NukeTheData = True) is assumed, and executed. Using this system, without the first key, it should be impossible to tell how many separate encrypted logical drives there are on the disk. Without the second key(s) the data in the ELD's should be worthless. On bootup, the pass phrase entry screen should be designed to look exactly like the CMOS bootup password screen, and no messages indicating the existence of EFS should be displayed until after a correct 2nd key has been entered. Why advertise your security measures? Unless "they" have been tipped off to the fact that you use EFS, they can easily destroy all of the data through ignorance, especially if you have a PostIt note with the NukeTheData password/phrase (which wouldn't have to be "good"--you could use "GovtStupid" or something similar) stuck to the side of your monitor, and keep your mouth shut during interrogation. Jonathan Wienke "1935 will go down in history! For the first time a civilized nation has full gun registration! Our streets will be safer, our police more efficient, and the world will follow our lead in the future!" --Adolf Hitler "46. The U.S. government declares a ban on the possession, sale, transportation, and transfer of all non-sporting firearms. ...Consider the following statement: I would fire upon U.S. citizens who refuse or resist confiscation of firearms banned by the U.S. government." --The 29 Palms Combat Arms Survey http://www.ksfo560.com/Personalities/Palms.htm 1935 Germany = 1996 U.S.? Key fingerprint = 30 F9 85 7F D2 75 4B C6 BC 79 87 3D 99 21 50 CB