Assembly 1994 - The 3rd Phase / ASMROM94.mdf / sources / secdrv13.txt
Text File | 1994-01-29 | 31KB | 592 lines
SecureDrive V1.3A Documentation |
Edgar Swank <edgar@spectrx.saigon.com> |
This is a maintenance release of SecureDrive 1.3. It mainly fixes
reported problems and has minimal new function. See file BUGS13.DOC.
The only visible functional change from 1.3 is the appearance of the
message

    Check bytes in Disk x: Boot Sector need updating from 1.3 to
    1.1/1.3A. Proceed?

which will be issued by both LOGIN and CRYPTDSK when they attempt to
verify a passphrase on a hard disk or diskette encrypted by version
1.3 CRYPTDSK operating in version 1.1 compatibility mode. This
corrects the error in computing the check bytes used to verify the
passphrase and updates the check bytes to the correct 1.1 value and
WRITES back the boot sector. Note that once this update has taken
place, this disk cannot be decrypted by release 1.3 anymore.
Releases 1.3 and 1.3A of Secure Drive are based on releases 1.0 and
1.1, mostly written by
Mike Ingle <mikeingle@delphi.com>
and version 1.2, with significant new code by myself.
The code which we wrote is not copyrighted, but the program contains GNU
Copylefted code, and therefore may be freely distributed under the terms of
the GNU General Public Licence. See file COPYING for legalese.
SecureDrive V1.1 Changes from V1.0
* Two-drives bug fixed. V1.0 would get the drives out of order if you had
two physical hard drives. V1.1 fixes this problem.
* One-step passphrase change. Instead of decrypting and re-encrypting, you
can change the passphrase in one step with CRYPTDSK.
* Improved hashing algorithm. V1.0 used a simple MD5 of the passphrase to
produce the encryption key. This allowed an attacker to test possible
passphrases quickly. V1.1 iterates the hash 2048 times to slow down a
passphrase search.
Because of the new passphrase hashing algorithm, users upgrading to
V1.1 will need to decrypt their disks with V1.0 and re-encrypt with
V1.1. The new algorithm produces a different IDEA key for the same
passphrase.
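
The effect of the hashing change described above, as an added example that is not SecureDrive's own code. It assumes each round re-hashes the previous digest (the exact chaining is not given in this document); the function names, sample passphrases and keyspace size are constructed for illustration.

```python
import hashlib
import time

ROUNDS_V11 = 2048  # iteration count given in the V1.1 change list

def key_v10(passphrase: bytes) -> bytes:
    """V1.0 as described: a single MD5 of the passphrase is the 128-bit key."""
    return hashlib.md5(passphrase).digest()

def key_iterated(passphrase: bytes, rounds: int = ROUNDS_V11) -> bytes:
    """Iterated MD5. ASSUMPTION: each round hashes the previous digest;
    SecureDrive's exact chaining is not given in this document."""
    digest = hashlib.md5(passphrase).digest()
    for _ in range(rounds - 1):
        digest = hashlib.md5(digest).digest()
    return digest

def derivations_per_second(derive, samples: int) -> float:
    """Measure how many passphrase-to-key derivations this machine does per second."""
    start = time.perf_counter()
    for i in range(samples):
        derive(b"constructed-passphrase-%d" % i)
    return samples / (time.perf_counter() - start)

def compare(keyspace: int = 26 ** 8) -> dict:
    """Project the time to derive a key for every passphrase in a keyspace
    (default: 8 lowercase letters, a constructed example size)."""
    fast = derivations_per_second(key_v10, 20000)
    slow = derivations_per_second(key_iterated, 200)
    return {"slowdown": fast / slow,
            "days_single_md5": keyspace / fast / 86400,
            "days_iterated": keyspace / slow / 86400}

if __name__ == "__main__":
    # Same passphrase, different key: why V1.0 disks must be re-encrypted.
    print(key_v10(b"example").hex(), key_iterated(b"example").hex())
    print(compare())
```

The measured slowdown is the per-guess cost multiplier the iteration buys; it scales the search time for any passphrase keyspace by the same factor.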
This may have been unclear in the previous version: V1.0 and V1.1
encrypt one hard drive partition at a time. LOGIN /S will not
protect more than one partition. If you log in to a second
partition, the first one will not be accessible, and will not be
protected from writes.
All references to MD5 refer to:
RSA Data Security, Inc. MD5 Message-Digest Algorithm
(C) 1990, RSA Data Security
The IDEA(tm) block cipher is covered by a patent held by ETH and a Swiss
company called Ascom-Tech AG. The Swiss patent number is PCT/CH91/00117.
International patents are pending. IDEA(tm) is a trademark of Ascom-Tech AG.
There is no license fee required for noncommercial use. Commercial users
may obtain licensing details from:
Dieter Profos, Ascom Tech AG, Solothurn Lab, Postfach 151, 4502
Solothurn, Switzerland, Tel +41 65 242885, Fax +41 65 235761.
Ascom IDEA patents:
US patent 5,214,703 granted May 25, 1993.
EP Patent EP 0 482 154 B1 granted June 30, 1993.
JP Patent pending
Use this software at your own risk!
Send all comments and bug reports to <edgar@spectrx.saigon.com>. |
Changes for version 1.2 are highlighted by "|" at the right margin. |
Changes for version 1.3 are highlighted by "+" at the right margin. +
Many people have sensitive or confidential data on their personal computers.
Controlling access to this data can be a problem. PCs, and laptops in
particular, are highly vulnerable to theft or unauthorized use. Encryption
is the most secure means of protection, but is often cumbersome to use. The
user must decrypt a file, work with it, encrypt it, and then wipe the
plaintext. If encryption were easy, many more people would use it.
SecureDrive is a step in this direction. SecureDrive automatically stores
sensitive data on your DOS/Windows system in encrypted form.
SecureDrive V1.3 allows you to create up to four encrypted partitions +
on your hard drive(s). It also allows you to encrypt floppy disks.
Encrypted partitions and disks become fully accessible when the TSR is
loaded and the proper passphrase entered. The TSR takes only 2.4K of +
RAM, and can be loaded high. Encryption is performed at the sector
level and is completely transparent to the application program.
Everything on the disk or partitions except the boot sector is
encrypted. Encrypted floppy disks can be freely interchanged with
unencrypted ones. Disks and partitions can be decrypted and returned
to normal at any time.
SecureDrive uses the IDEA cipher in CFB mode for maximum data
security. The MD5 hash function is used to convert the user's
passphrase into a 128-bit IDEA key. The disk serial number, and track
and sector numbers are used as part of the initialization to make each
sector unique.
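
Per-sector CFB encryption as described above, as an added example that is not SecureDrive's own code. IDEA is replaced by a stand-in keyed function built from MD5, and the way the serial, track and sector numbers are packed into the initialization value is an assumption; the key, serial number and sector contents are constructed.

```python
import hashlib
import struct
BLOCK = 8                    # IDEA block size: 64 bits
KEY = bytes(range(16))       # constructed 128-bit key
SERIAL = 0x1234ABCD          # constructed disk serial number

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """STAND-IN for IDEA: keyed 64-bit function from MD5; CFB only runs it forwards."""
    return hashlib.md5(key + block).digest()[:BLOCK]

def sector_iv(serial: int, track: int, sector: int) -> bytes:
    """ASSUMED layout: 32-bit serial, 16-bit track, 16-bit sector."""
    return struct.pack("<IHH", serial, track, sector)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cfb_encrypt(key: bytes, iv: bytes, plain: bytes) -> bytes:
    out, feedback = bytearray(), iv
    for i in range(0, len(plain), BLOCK):
        feedback = _xor(plain[i:i + BLOCK], block_encrypt(key, feedback))
        out += feedback      # each ciphertext block feeds the next step
    return bytes(out)

def cfb_decrypt(key: bytes, iv: bytes, cipher: bytes) -> bytes:
    out, feedback = bytearray(), iv
    for i in range(0, len(cipher), BLOCK):
        block = cipher[i:i + BLOCK]
        out += _xor(block, block_encrypt(key, feedback))
        feedback = block
    return bytes(out)

def first_changed_block(a: bytes, b: bytes) -> int:
    """Index of the first 8-byte block where a and b differ, or -1."""
    for i in range(0, len(a), BLOCK):
        if a[i:i + BLOCK] != b[i:i + BLOCK]:
            return i // BLOCK
    return -1

def demo():
    plain = bytes(512)       # constructed all-zero 512-byte sector
    iv1, iv2 = sector_iv(SERIAL, 0, 1), sector_iv(SERIAL, 0, 2)
    c1, c2 = cfb_encrypt(KEY, iv1, plain), cfb_encrypt(KEY, iv2, plain)
    edited = plain[:100] + b"\xff" + plain[101:]   # change one byte in block 12
    return {"sectors_differ": c1 != c2,
            "round_trip": cfb_decrypt(KEY, iv1, c1) == plain,
            "edit_block": first_changed_block(c1, cfb_encrypt(KEY, iv1, edited))}

if __name__ == "__main__": print(demo())
```

Identical plaintext in two sectors encrypts differently, but because the initialization value for a given sector is fixed, rewriting a sector leaves every ciphertext block before the first changed one untouched (block 12 in the demo).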
SecureDrive is made up of three program files. SECTSR is the
memory-resident driver. CRYPTDSK is used to encrypt and decrypt
floppy disks and hard drive partitions. LOGIN is used to unlock
encrypted disks and partitions by loading the passphrase and disk
parameters into the resident module.
Getting started instructions:
If you only have one hard drive partition (C:), you will have to
repartition your hard drive if you want an encrypted partition. You
can use encrypted floppies without changing your hard drive. You
should create a partition(s) large enough to hold all of your
sensitive data. For this example, assume the partition is (D:). Put
SECTSR, CRYPTDSK, and LOGIN in a directory which is in your PATH.
(Not on the soon-to-be encrypted drive, of course!)
Normally re-partitioning a hard drive with FDISK destroys all the data
on it, so you would have to back up all your data beforehand. But if
you only have one partition now, there is a utility

    FIPS08.ZIP   84831  07-23-93  Nondestructive hard disk
                                  partition split util.

available from the SIMTEL archive and possibly elsewhere that claims
to be able to split your first partition without data loss.
Put in your AUTOEXEC.BAT, before the loading of any disk cache:

    SECTSR
    LOGIN D: /S   (assuming drive D:)
    LOGIN E: /S   (and so on for each to-be-encrypted partition, up to four) +

This will load the TSR and put encrypted disk partitions in "safe mode", +
preventing accidental access and damage to the partitions after they are
encrypted. Reboot the system to make the changes take effect.
Actually, before the partitions are encrypted with CRYPTDSK, LOGIN /S +
will return a warning message that the partitions are not encrypted, +
but, as of version 1.3, CRYPTDSK uses SECTSR to protect the drive +
while it is being encrypted and until the next boot. This is a change +
from previous versions. V1.0 to V1.2 would not operate on hard disk +
partitions while SECTSR was in memory. +
One purpose of having multiple encrypted hard disk partitions is so +
that up to four users (perhaps members of a family) can each have +
their own encrypted partition with its own unique passphrase. This +
allows up to four users to have privacy from each other, even if they all +
use the same PC and physical hard disk(s). +
The partition can have data on it, or it can be empty. Run CRYPTDSK
and select the drive letter. Enter a passphrase. CRYPTDSK will now
encrypt the partition. It will skip bad sectors.
Repeat this for each hard disk partition. If different users are +
assigned to different partitions, let each of them run CRYPTDSK and +
enter his own unique passphrase. +
Now type

    LOGIN D:   (again, assuming drive D:)

and enter your passphrase. Your encrypted drive is now accessible.
To use an encrypted floppy, use CRYPTDSK to encrypt the floppy. Then run

    LOGIN /F

and enter the passphrase. The encrypted floppy is n