From: tom bryce <tjb@acpub.duke.edu>
Date: Sun, 10 Nov 1996 21:37:43 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ideal secure personal computer system
In-Reply-To: <v02140b02aeac593a7aa7@[192.0.2.1]>
Message-ID: <l03010608aeac1fa442cc@[152.3.87.2]>
MIME-Version: 1.0
Content-Type: text/plain


> = ph@netcom.com (Peter Hendrickson) wrote:
>> = tom bryce wrote:

>> (2) Partition the hard drive into two partitions:
>>    install the system folder on one and a copy of CryptDisk
>>    make this the startup partition and make it READ ONLY with aliases to
>>    folders you want to be modiyfable (such as Eudora Folder in the sys
>>folder)
>>    place these folders on the encrypted partition
>
>I don't think you will be able to do this.  I have heard that too many
>things modify files in the system folder for this to work.  It wouldn't
>surprise me if the OS modifies its own boot file from time to time.
>
>I'm not expert.  If you get this working I would appreciate it if you
>were to post it to the list or let me know directly.

-and-

>Watch out for the clipboard which appears to be stored as a file in
>the system folder.  Unfortunately, it has to be a real file - aliases
>not allowed.  This makes it harder to have a read only system folder
>and, of course, every time you cut and paste something you leave a
>ghost on the disk for an undefined length of time.  It's hard to
>work on the Mac without using the clipboard.

The fact that you can start up and run your system from a CD rom proves
that you can lock your startup disk. Grab a DISK TOOLS disk from your most
recent system installer disks (mine is 7.5) and flip the write protect tab,
then start up from it. Clipboard works, too. I haven't worked with such a
system extensively enough to see if there are any glitches (such as copying
large amounts of stuff to the clipboard, etc.) but it should get the job
done for the truly paranoid.

I have a few items in the system folder presently aliased out onto other
disks - my Eudora Folder is on an encrypted partition, and there's no
reason one couldn't do this with the whole preferences folder and other
stuff.

>> If locking the startup volume turns out to be too much of a pain, one could
>> install trashguard from Highware software and set it to triple overwrite
>> deleted files, and otherwise not lock the startup partition.
>
>I'm guessing you already know this, but once you've written something
>to the disk you might as well assume it's there forever.  Triple overwrite
>of files will defeat Norton Utilities, but may not stop a determined
>opponent.

Right. I'm proposing this as a compromise if you wish to trade security for
convenience.

>Commercial data recovery services claim to be able to recover data
>after nine formats of the disk.  It is difficult to say for certain
>what the technical limits of this technology are.  For instance, maybe

Colin Plumb gave me estimates of what you needed to wipe a disk clean once,
which he researched for SFS. It depends on whether the erasure pattern is
custom designed for the data to wipe. It was something vaguely like (don't
quote me) 15 passes if custom designed, and 25 if not. This refers, as I
recall, to data freshly written to the disk. Data that hangs out for a
while 'leaks' deeper into the disk, with adjacent molecules becoming
aligned further between tracks and deeper into the disk and is harder to
erase. A dejanews search under colin's name should yield his extensive
posts on this topic.

Tom