From: Jim McCoy <mccoy@ccwf.cc.utexas.edu>
Date: Thu, 3 Jun 93 00:58:38 PDT
To: ryan@rtfm.mlb.fl.us (RYAN Alan Porter)
Subject: Re: Crypto anarchy in a VW? (not the bug)
In-Reply-To: <Pine.3.03.9306030237.F18959-b100000@rtfm>
Message-ID: <199306030835.AA23736@tigger.cc.utexas.edu>
MIME-Version: 1.0
Content-Type: text


Ryan Alan Porter <ryan@rtfm.mlb.fl.us> writes:
> Jim McCoy wrote:
[regarding why to use hardware for the encryption]
> > Speed.  No software implementation will be able to match a hardware DES
> > chip in total throughput. [...] There are cards out there that can do
> > this, and it doesn't really make sense not to offload this to an
> > external device. 
> 
> Yes, actually it does.  Hardware cannot be widely and freely distributed
> the way software can.  I am looking to write something that can protect
> EVERYONE, not just those people that can afford to buy some dedicated
> hardware.  

This is true, but I am not completely writing-off those without the ability
to get a hardware card: they will just have to put up with the, IMHO,
unbearable slowness of doing filesystem encryption through software.  I am
also examining the log-structured filesystem (Rosenblum and Osterhout) to
see if using that as the core to add the encryption to will make the system
useable without hardware.  Additionally, perhaps the fact that there is
some real use for a hardware DES card will get people to buy them and
increase their availability in general...

> Would PGP be so widespread today if it required a hardware coprocessor?

No.  Then again PGP is for encrypting _files_, not filesystems.  We are
talking several orders of magnitude difference in the amount of data you
are trying to force through them.  I guess part of the difference in
viewpoints we have is that I am spoiled on unix.  I have become used to the
high-bandwidth drives and networks that I use every day and would not be
able to stand the bottleneck created by doing the encryption in software.

> I like the whole Unix idea for PC's in general, and Linux in particular,
> but the fact remains that the people who need security the most (the
> average schmuck out there in the business world or the kid running a BBS)
> are most likely to be using a PC DOS-based system, and I am writing for them.

Yes, a crypto drop-in that works like Stacker would be a good thing to have
available and I wish you the best of luck in your efforts.  On the general
DOS side though, I can run DOS under linux and have a DOS filesystem within
a linux system as well (linux plug :)

Either way, good luck.

jim