Ryan, Good luck on building the DOS disk encryptor. I belive that what you need to do is write a standard DOS disk driver (that can be installed in CONFIG.SYS) that implements the READ and WRITE primitives. I belive that they use the same entry point (the STRATEGY entry) in the driver. You would basically just call the BIOS routines to do the actual i/o. You don't have to worry about the FAT etc, just encrypt everything. You will probably want to use DES or IDEA and run it in CBC mode or Counter Mode. You would use the DISK BLOCK NUMBER as a piece of the key material (or part of the Initialization Vector), hence, even if the same data appeared multiple places on the drive, it would appear different on the surface. There is a good description of operation modes in "Modern Cryptology: a Tutorial" by Gilles Brassard (Springer Verlag Lecture Notes in Computer Science #325, 1988). Denning's book covers it too. I'd probably start out getting it running on a floppy. After that, just use a separate partition to make life easier. The driver is handed physical (or logical) block numbers, and these map directly to the physical drive block number by adding the offset of the beginning of partition. At driver init time, you read the partition table on the hard disk, looking for a "system type" that identifies the partition as one of your encrypted ones. Prompt for the pass phrase, and store it in the driver. I assume that your concern is somebody physically grabbing the disk drive. I don't have a problem with the pass phrase in memory, as long I have physical control of the system. In some of the DOS references, there used to be a sample RAM DISK device driver. You could use it as the skeleton to get the entry points right, and then just encrypt the block and call the BIOS to do the i/o. Have fun, Eric Blossom