1993-06-04 - DOS disk encryptor

Header Data

From: Eric Blossom <eb@well.sf.ca.us>
To: cypherpunks@toad.com
Message Hash: ea81054fa065d1deba5517d342f966f6a2f1ac3ec1baa00180036d162b74b1b0
Message ID: <93Jun3.224101pdt.13930-2@well.sf.ca.us>
Reply To: N/A
UTC Datetime: 1993-06-04 05:41:19 UTC
Raw Date: Thu, 3 Jun 93 22:41:19 PDT

Raw message

From: Eric Blossom <eb@well.sf.ca.us>
Date: Thu, 3 Jun 93 22:41:19 PDT
To: cypherpunks@toad.com
Subject: DOS disk encryptor
Message-ID: <93Jun3.224101pdt.13930-2@well.sf.ca.us>
MIME-Version: 1.0
Content-Type: text/plain


Ryan,
 
Good luck on building the DOS disk encryptor.  I belive that what you 
need to do is write a standard DOS disk driver (that can be installed in 
CONFIG.SYS) that implements the READ and WRITE primitives.  I belive 
that they use the same entry point (the STRATEGY entry) in the driver.  
You would basically just call the BIOS routines to do the actual i/o.  
 
You don't have to worry about the FAT etc, just encrypt everything.  You 
will probably want to use DES or IDEA and run it in CBC mode or Counter 
Mode.  You would use the DISK BLOCK NUMBER as a piece of the key 
material (or part of the Initialization Vector), hence, even if the same 
data appeared multiple places on the drive, it would appear different on 
the surface.  There is a good description of operation modes in "Modern 
Cryptology: a Tutorial" by Gilles Brassard (Springer Verlag Lecture 
Notes in Computer Science #325, 1988).  Denning's book covers it too.
 
I'd probably start out getting it running on a floppy.  After that, just 
use a separate partition to make life easier.  The driver is handed 
physical (or logical) block numbers, and these map directly to the 
physical drive block number by adding the offset of the beginning of 
partition.  At driver init time, you read the partition table on the 
hard disk, looking for a "system type" that identifies the partition as 
one of your encrypted ones.  Prompt for the pass phrase, and store it in 
the driver.  I assume that your concern is somebody physically grabbing 
the disk drive.  I don't have a problem with the pass phrase in memory, 
as long I have physical control of the system.
 
In some of the DOS references, there used to be a sample RAM DISK device 
driver.  You could use it as the skeleton to get the entry points
right, and then just encrypt the block and call the BIOS to do the 
i/o.
 
Have fun,
Eric Blossom
 





Thread