From: edgar@spectrx.saigon.com (Edgar W. Swank)
Date: Mon, 31 Jan 94 08:24:27 PST
To: Cypherpunks          <cypherpunks@toad.com>
Subject: Bugs Reported in SecureDrive 1.3
Message-ID: <Ney1gc2w165w@spectrx.saigon.com>
MIME-Version: 1.0
Content-Type: text/plain


The following bugs have been reported in SecureDrive 1.3.  I have
already fixed these here, but I want to wait a short time before
releasing 1.3A to allow any more bugs which may be present to show up.

Please be aware of the following problems and try to work around them
as suggested until 1.3A is released.

Please report any further problems with 1.2 or 1.3 to

   edgar@spectrx.saigon.com (Edgar W. Swank)
======================================================================

               Bugs Reported in SecureDrive 1.3

The Version 1.3 key hashing mode that is supposed to be compatible
with version 1.1 isn't, the key is compatible, but the check bytes are
not.  This means you can't decrypt disks encrypted with 1.1 with 1.3.

This will not affect you if you don't already have any disks encrypted
with 1.1 and you want to stay compatible with 1.0 and 1.2. Go ahead
and install 1.3 and set environment variable

  SET SD10CMP=X

If you already have disks encrypted with 1.1, wait for 1.3A. If you
can't wait, decrypt with no TSR installed and CRYPTDSK 1.1. Then
Re-encrypt with 1.3 using either compatibility mode as you choose.

Note the 1.3 mode supposed to be compatible with 1.1 offers
essentially the same added security as 1.1.

There will be code in 1.3A to change any "orphan" 1.3 check bytes to
those compatible with 1.1 and 1.3A

If you have multiple encrypted Hard Disk partitions, and one is active
and you use CRYPTDSK to decrypt a different partition. Then the active
one stays active but is no longer being correctly decrypted by SECTSR,
leaving it in an UNSAFE condition until the next boot.  Fixed in 1.3A

Version 1.3 SECTSR is supposed to have a check so it doesn't get
installed more than once, but this doesn't work.  If you install 1.3,
make sure you don't install SECTSR twice in the same boot session.
Best to make your -only- call to SECTSR from AUTOEXEC.BAT and never
install it from the keyboard.

Cosmetic:  Several msgs in LOGIN/CRYPTDSK refer to "V 1.3" passphrases.
These references should more correctly be "V 1.1" since that was the
version that defined the new standard.  This would be even more
confusing now since V 1.3 is not completely compatible with V 1.1.

If LOGIN d:  /PGP is specified, but PGPPASS is set to incorrect
passphrase, the correct hard disk passphrase not prompted for.

--
edgar@spectrx.saigon.com (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005  Cupertino, Ca