1994-01-17 - SecureDrive 1.2 Distribution Halted

Header Data

From: edgar@spectrx.saigon.com (Edgar W. Swank)
To: Cypherpunks <cypherpunks@toad.com>
Message Hash: 539e59df1dca5e8535b59cf516aafd7a9c0457cf981745ff8c27566e041ce7e5
Message ID: <8s4agc3w165w@spectrx.saigon.com>
Reply To: N/A
UTC Datetime: 1994-01-17 17:14:01 UTC
Raw Date: Mon, 17 Jan 94 09:14:01 PST

Raw message

From: edgar@spectrx.saigon.com (Edgar W. Swank)
Date: Mon, 17 Jan 94 09:14:01 PST
To: Cypherpunks          <cypherpunks@toad.com>
Subject: SecureDrive 1.2 Distribution Halted
Message-ID: <8s4agc3w165w@spectrx.saigon.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I am (temporarily) stopping further distribution of SecureDrive 1.2,
announced here a few days ago.  The reason is the recent announcement
of a version 1.1 by Mike Ingle which fixes one real bug and one (IMHO)
dubious security "hole" in version 1.0.  My version 1.2 does not have
these changes.  I hope to shortly announce version 1.3 which will
combine the function I added to 1.2, and the fixes Mike has added to
1.1, and a few other enhancements, if time permits.

I was overwhelmed with e-mail requests for 1.2.  I'm grateful for
these, especially the few who offered to place 1.2 on e-mail servers
and anonymous FTP sites. I have kept all your requests and I will
send you all a copy of version 1.3 as soon as it's ready.

I agree with Mike that anyone with more than one physical hard drive
should get version 1.1 now and switch to it.

If you have only one physical hard drive, my recommendation would be
to keep version 1.0 (or 1.2 if you already have it) and wait for
version 1.3.  This especially applies if you have more than a few
SecureDrive encrypted floppy disks, as switching from 1.0 (or 1.2) to
1.1 will require decrypting (with CRYPTDSK 1.0) and re-encrypting
(with CRYPTDSK 1.1) your HD partition and all your encrypted floppies.

The security exposure of all this plaintext data lying around during
conversion is probably more than the so-called "hole" fixed in 1.1.

In my opinion there is no "hole" if you have a good passphrase and
Mike's "fix" is inadequate for a weak passphrase.  It may have some
value for a very narrow range of marginal passphrases.

My apologies for the delay and confusion.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLTqhH94nNf3ah8DHAQEr1QP/eFlyD4Emt643hfkPS6HhCU08C8gF6qFy
OHOw9BaZZxgX23juL6LhKAnlVWOmstWaTiW9/eKJ67gFSabSRBN/YjlP4WWRLtix
naJViHRT7vn4zJvXmfpEsWcz1aDPTPJt4WwvRUvyvsB4bntorAQT5MJnByJFVYXB
mwq92f4gVes=
=zM9w
-----END PGP SIGNATURE-----

--
edgar@spectrx.saigon.com (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005  Cupertino, Ca





