Re: Crypto anarchy in a VW? (not the bug)
Another possibility until then, and one that would be fun for people who like to play with EPROMS, is a card that had a cable leading to an external EPROM socket that you could lay on your desk or on top of the case or wherever. You burn your keys for the HD into a chip and use it as a key, physically inserting the chip in the socket each time. There are lots on new ways to make chips easy to plug in and out, I'm sure it wouldn't be too hard.
Heh, I have a system liek this, designed by Viglen in the UK. It was/is originally from the BBC micro to allow easy use of swapping over 'sideways' ROMS instead of opening the case. It's basically a ribbon cable with a 28way rom socket on the end with a edge connector socket on the other. Each ROM is enclosed in it's own sturdy tiny black package with an edge connector that slots into the socket that is mounted in the 'ashtray' of the Beeb. You could easily copy the idea with a rom socket, a length of ribbon cable and a ZIF socket to allow easy usage. The Viglen has pin protection so you dont spike the thing, so it's able to be used on the fly without power cycling. One thing about ROM's, they're faster than disks....easier to hide too :)
I still don't see why all of the actual encryption couldn't be done in software though...
Me either, apart from TEMPEST issues...Linux comes with slot in file system modules (as detailed in a letter to Jim) that you can easily adapt to your own uses. Ive been playing around with this idea for a while. Adding a desfs(tm) (me :) to a linux kernel is not going to be that hard I think.. (touch wood). Mark mark@coombs.anu.edu.au "liek", "smiel" and "soar" are derivatives of JenSpeak(tm). Spread the word.
Mark <mark@coombs.anu.edu.au> writes:
I still don't see why all of the actual encryption couldn't be done in software though...
Me either, apart from TEMPEST issues...
Speed. No software implementation will be able to match a hardware DES chip in total throughput. I have enough trouble dealing with the drive transfer speeds imposed upon PC unix systems with the lame bus, but even this could keep up if I had to run my file access through a software DES system. There are cards out there that can do this, and it doesn't really make sense not to offload this to an external device.
Linux comes with slot in file system modules (as detailed in a letter to Jim) that you can easily adapt to your own uses. Ive been playing around with this idea for a while. Adding a desfs(tm) (me :) to a linux kernel is not going to be that hard I think.. (touch wood).
Yes, the other thing that pushed me to linux (besides the larger user community) was the support for "drop-in" filesystems. jim
On Wed, 2 Jun 1993, Jim McCoy wrote:
Mark <mark@coombs.anu.edu.au> writes:
I still don't see why all of the actual encryption couldn't be done in software though...
Me either, apart from TEMPEST issues...
Speed. No software implementation will be able to match a hardware DES chip in total throughput. I have enough trouble dealing with the drive transfer speeds imposed upon PC unix systems with the lame bus, but even this could keep up if I had to run my file access through a software DES system. There are cards out there that can do this, and it doesn't really make sense not to offload this to an external device.
Yes, actually it does. Hardware cannot be widely and freely distributed the way software can. I am looking to write something that can protect EVERYONE, not just those people that can afford to buy some dedicated hardware. Would PGP be so widespread today if it required a hardware coprocessor?
Linux comes with slot in file system modules (as detailed in a letter to Jim) that you can easily adapt to your own uses. Ive been playing around with this idea for a while. Adding a desfs(tm) (me :) to a linux kernel is not going to be that hard I think.. (touch wood).
Yes, the other thing that pushed me to linux (besides the larger user community) was the support for "drop-in" filesystems.
I like the whole Unix idea for PC's in general, and Linux in particular, but the fact remains that the people who need security the most (the average schmuck out there in the business world or the kid running a BBS) are most likely to be using a PC DOS-based system, and I am writing for them.
jim
-Ryan the Bit Wallah
Ryan Alan Porter <ryan@rtfm.mlb.fl.us> writes:
Jim McCoy wrote: [regarding why to use hardware for the encryption]
Speed. No software implementation will be able to match a hardware DES chip in total throughput. [...] There are cards out there that can do this, and it doesn't really make sense not to offload this to an external device.
Yes, actually it does. Hardware cannot be widely and freely distributed the way software can. I am looking to write something that can protect EVERYONE, not just those people that can afford to buy some dedicated hardware.
This is true, but I am not completely writing-off those without the ability to get a hardware card: they will just have to put up with the, IMHO, unbearable slowness of doing filesystem encryption through software. I am also examining the log-structured filesystem (Rosenblum and Osterhout) to see if using that as the core to add the encryption to will make the system useable without hardware. Additionally, perhaps the fact that there is some real use for a hardware DES card will get people to buy them and increase their availability in general...
Would PGP be so widespread today if it required a hardware coprocessor?
No. Then again PGP is for encrypting _files_, not filesystems. We are talking several orders of magnitude difference in the amount of data you are trying to force through them. I guess part of the difference in viewpoints we have is that I am spoiled on unix. I have become used to the high-bandwidth drives and networks that I use every day and would not be able to stand the bottleneck created by doing the encryption in software.
I like the whole Unix idea for PC's in general, and Linux in particular, but the fact remains that the people who need security the most (the average schmuck out there in the business world or the kid running a BBS) are most likely to be using a PC DOS-based system, and I am writing for them.
Yes, a crypto drop-in that works like Stacker would be a good thing to have available and I wish you the best of luck in your efforts. On the general DOS side though, I can run DOS under linux and have a DOS filesystem within a linux system as well (linux plug :) Either way, good luck. jim
participants (3)
-
Jim McCoy -
Mark -
RYAN Alan Porter