Re: File System Encryption
On Tue, 27 Aug 1996 09:01:03 -0500 (CDT), Douglas R. Floyd wrote:
I'm aware of the three main disk encryption programs SFS, SECDRV, and SECDEV, but I need to find a solution that works with Windows 95 32bit or Windows NT 4.0.
I'm currently using SFS 1.17 and Secure Drive under Win-95, but am unable to continue to work in dos compatability mode due to severe performance hits. I am open to commercial products that have passed peer review, but know of none.
If anyone could suggest a solution (outside of switching OS's), I would be *most* gratefull.
Please respond to the list, as I am a subscriber under another account.
If you have another 386 or 486 lying around, you could install Linux and Ian's encrypted loopback code on a remote box, then NFS or Samba the filesystem over. For protection, you could modify the vlock command to lock the console (and not unlock it), and disable inetd. Then, unless
Better yet, patch some stuff onto a spare power supply cable so that a small siren would go off on a reboot and then use those security bolts to hold the case on. That would probably discourage someone from rebooting off a floppy.
someone has the permissions to access the files through the network, the files are inaccessable ;-).
Neat idea, and a great use for all the linux security patches we've heard about. / If you think education is expensive, try ignorance. / Home: Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp / Autoresponder: send email w/subject of "send resume" or "send PGPKEY" / Work: cadams@acucobol.com | V.M. (619)515-4894 | (619)689-6579 / Member in good standing of the GNU whirled hors d'oeuvre
On Tue, 27 Aug 1996 09:01:03 -0500 (CDT), Douglas R. Floyd wrote:
Better yet, patch some stuff onto a spare power supply cable so that a small siren would go off on a reboot and then use those security bolts to hold the case on. That would probably discourage someone from rebooting off a floppy.
I just unplugged the floppy drive power cable, and disabled it in the BIOS. Even if they reboot the box, the drive will be inaccessable... all they will have is a file called bigrandseed which holds the data in it. As for case protection, the best thing to do is have a tamper switch which shuts the box off if opened.
someone has the permissions to access the files through the network, the files are inaccessable ;-).
Neat idea, and a great use for all the linux security patches we've heard about.
One thing I think I can use this for is making a "lock box" for holding a PGP key for signing/decrypting stuff. Attach a keyboard, and on boot, have the PGP key decrypted into a RAM drive. Then, have a key switch on the case and a wrapper on PGP to detect this. E-mail what you want signed, turn the key, and it emails the signed/decoded file back. Someone opens the machine, tamper switch turns the box off. Box off? Key is now left in encrypted state, most likely hidden in one of the many sound files... Sounds like a nice saturday afternoon project. OBSecurityAlert: Have people updated their Sendmail yet? Another security alert went out on it yesterday...
participants (2)
-
Adamsc@io-online.com -
Douglas R. Floyd