File System Encryption
I'm aware of the three main disk encryption programs SFS, SECDRV, and SECDEV, but I need to find a solution that works with Windows 95 32bit or Windows NT 4.0. I'm currently using SFS 1.17 and Secure Drive under Win-95, but am unable to continue to work in dos compatability mode due to severe performance hits. I am open to commercial products that have passed peer review, but know of none. If anyone could suggest a solution (outside of switching OS's), I would be *most* gratefull. Please respond to the list, as I am a subscriber under another account. The Drifter
I'm aware of the three main disk encryption programs SFS, SECDRV, and SECDEV, but I need to find a solution that works with Windows 95 32bit or Windows NT 4.0.
I'm currently using SFS 1.17 and Secure Drive under Win-95, but am unable to continue to work in dos compatability mode due to severe performance hits. I am open to commercial products that have passed peer review, but know of none.
If anyone could suggest a solution (outside of switching OS's), I would be *most* gratefull.
Please respond to the list, as I am a subscriber under another account.
If you have another 386 or 486 lying around, you could install Linux and Ian's encrypted loopback code on a remote box, then NFS or Samba the filesystem over. For protection, you could modify the vlock command to lock the console (and not unlock it), and disable inetd. Then, unless someone has the permissions to access the files through the network, the files are inaccessable ;-).
The Drifter
On Tue, 27 Aug 1996, Douglas R. Floyd wrote:
If you have another 386 or 486 lying around, you could install Linux and Ian's encrypted loopback code on a remote box, then NFS or Samba the filesystem over. For protection, you could modify the vlock command to lock the console (and not unlock it), and disable inetd. Then, unless someone has the permissions to access the files through the network, the files are inaccessable ;-).
I may have to consider this approach. I'll have to look into Ian's system. Does it pass muster with the crypto gods? (that's meant as a compliment guys :) Drifter
On Tue, 27 Aug 1996, Douglas R. Floyd wrote:
If you have another 386 or 486 lying around, you could install Linux and Ian's encrypted loopback code on a remote box, then NFS or Samba the filesystem over. For protection, you could modify the vlock command to lock the console (and not unlock it), and disable inetd. Then, unless someone has the permissions to access the files through the network, the files are inaccessable ;-).
I may have to consider this approach. I'll have to look into Ian's system. Does it pass muster with the crypto gods? (that's meant as a compliment guys :)
It uses IDEA in a decently secure manner, as well as TDES. You can also mount .au files as filesystems, and the data will be hidden in the sound file. (Last place I remember Ian's loop.c and des patches for Linux was on ftp.csua.berkeley.edu, /pub/cypherpunks/<somewhere>)
Drifter
On Wed, 28 Aug 1996, Douglas R. Floyd wrote:
I may have to consider this approach. I'll have to look into Ian's system. Does it pass muster with the crypto gods? (that's meant as a compliment guys :)
It uses IDEA in a decently secure manner, as well as TDES. You can also mount .au files as filesystems, and the data will be hidden in the sound file.
(Last place I remember Ian's loop.c and des patches for Linux was on ftp.csua.berkeley.edu, /pub/cypherpunks/<somewhere>)
ftp.csua.berkeley.edu:/pub/cypherpunks/filesystems/linux. I haven't looked through the code very hard yet, but I do wonder how the passphrase and such is stored. If I run losetup and setup /root/stego_file.au as a filesystem on /dev/loop0, does that get stored anywhere that isn't secure from non-root processes, or that is kept after the filesystem is unmounted? I figure the passphrase definately is removed as soon as the filesystem is unmounted, and that this is stored in protected kernel memory.
Jason Burrell wrote:
On Wed, 28 Aug 1996, Douglas R. Floyd wrote:
I may have to consider this approach. I'll have to look into Ian's system. Does it pass muster with the crypto gods? (that's meant as a compliment guys :)
It uses IDEA in a decently secure manner, as well as TDES. You can also mount .au files as filesystems, and the data will be hidden in the sound file.
(Last place I remember Ian's loop.c and des patches for Linux was on ftp.csua.berkeley.edu, /pub/cypherpunks/<somewhere>)
ftp.csua.berkeley.edu:/pub/cypherpunks/filesystems/linux.
Anyone had any luck with ftp.csua.berkeley.edu? My ftp client says that "client not responding to commands, hanging up". What is wrong? igor
I haven't looked through the code very hard yet, but I do wonder how the passphrase and such is stored. If I run losetup and setup /root/stego_file.au as a filesystem on /dev/loop0, does that get stored anywhere that isn't secure from non-root processes, or that is kept after the filesystem is unmounted? I figure the passphrase definately is removed as soon as the filesystem is unmounted, and that this is stored in protected kernel memory.
- Igor.
Jason Burrell wrote:
On Wed, 28 Aug 1996, Douglas R. Floyd wrote:
I may have to consider this approach. I'll have to look into Ian's system. Does it pass muster with the crypto gods? (that's meant as a compliment guys :)
It uses IDEA in a decently secure manner, as well as TDES. You can also mount .au files as filesystems, and the data will be hidden in the sound file.
(Last place I remember Ian's loop.c and des patches for Linux was on ftp.csua.berkeley.edu, /pub/cypherpunks/<somewhere>)
ftp.csua.berkeley.edu:/pub/cypherpunks/filesystems/linux.
Anyone had any luck with ftp.csua.berkeley.edu? My ftp client says that "client not responding to commands, hanging up".
What is wrong?
igor
Try a mirror. ftp.funet.fi, /pub/crypt/mirrors/soda/cypherpunks/filesystems/linux.
-----BEGIN PGP SIGNED MESSAGE----- On Wed, 28 Aug 1996, Douglas R. Floyd wrote:
Try a mirror. ftp.funet.fi, /pub/crypt/mirrors/soda/cypherpunks/filesystems/linux.
Unfortunately, funet is down also. csclub.uwaterloo.ca/pub/linux-stego seems to work right now. - -- Mark PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMiTKpizIPc7jvyFpAQHIfAgAzHhGF4Krei/QeaOL85TyqfMQVvCcCLsM qs+3y2NqTSzoNAq4loV3B4foWSL6UsVjzNYVCVKnDZHC48FAA1uS1yNuW/k/Jx8c 2/2BEd4kkCDOqIT5dqg+EhQWGoJgKw265OP9YrmAOux+DWjznPXeiUsZYRtPKGFG CKrt7Om9Knz3Gb0Yli8gYBZahtXfN6/lmfyViCmYvbc5INOupVfL+X4koxQRoVAe f5uwiknaVaDYf5kc/Hr/xO1/UZvVXofJTInkdqP/D4ThCaCoH6m5c4TvMJBhU/3M pTXYL6iU/lpa1bVfF1jmgilzsufJo0GmDtjdx2toKETBycaSOyQmDg== =LecO -----END PGP SIGNATURE-----
participants (6)
-
Douglas R. Floyd -
drifter@c2.net -
ichudov@algebra.com -
Jason Burrell -
Mark M. -
The Drifter