From: Pavel Korensky <pavelk@dator3.anet.cz>
Date: Mon, 9 Dec 1996 04:33:48 -0800 (PST)
To: cypherpunks@toad.com
Subject: Protect against physical theft of the harddisk ??
Message-ID: <199612091234.NAA00444@zenith.dator3.anet.cz>
MIME-Version: 1.0
Content-Type: text/plain


Hello,

I have one problem which I would like to consult with you.
I need to protect the data on the computer harddisk against physical theft.

Current situation:

Computer with several harddisks - approx. 9 GB. On this computer, the following
OS are used: Linux, DOS, Windows NT. The data on this computer must be
accessible from all operating systems. Encryption of files must be transparent
to user and encryption algorithm must be "strong".

Because I am not able to find any disk encryption software which is able to run
on all these platforms, I decided to use the following temporary solution:

Add one more computer with Linux OS. On this computer, there will be only a
small root partition with necessary Linux components. All other disk space will
be encrypted with IDEA, using the /dev/loop. This machine will be some kind of
secure file server.
On the second machine, where the user works, there will be partitions with
operating systems, necessary utilities and the TCP/IP stack for DOS/Windows, NT
and Linux. The data and application disks will be mounted via NFS and user will
work with files from file server.
The computers will be interconnected with Fast Ethernet. This mini-network is
NOT connected to the Internet, so the NFS (in)security should not be a problem. 
Also, both computers will be placed in the same room (distance approx. 3 m), so
there should be no problem with tapping/data capturing on the Fast Ethernet
connection.

I have the following questions.

Can anybody see some major security hole in this system ?
How fast will be this system ?
Anybody has any idea if there is some more sophisticated solution for this
problem ? 
Anybody heard about some strong disk encryption which is able to rund under
Windows NT, Linux and DOS ? It seems that the Win NT are the major problem. I am
not able to find any disk encryption for NT.
Anybody is able to port Secure File System to Windows NT ? I am trying to port
this program under Linux, but I am not the NT system programmer.

Thanx for any comments, help, ideas etc.


Best regards


PavelK


--
****************************************************************************
*                    Pavel Korensky (pavelk@dator3.anet.cz)                *
*     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
*  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *
****************************************************************************