From: JonWienk@ix.netcom.com
Date: Sun, 21 Jul 1996 04:56:51 +0800
To: cypherpunks@toad.com
Subject: Re: Opiated file systems
In-Reply-To: <199607191718.NAA04087@unix.asb.com>
Message-ID: <199607201848.LAA07682@dfw-ix10.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Here is an idea for implementing DuressSFS and/or NukeTheData functions on 
demand with plausible deniability for all (without all your keys, TLA's wouldn't 
know how many encrypted partitions you had:

1. Doing anything with the encrypted file system requires 2 keys.

2. The first key decrypts the FAT (the FAT info is always written to the disk 
encrypted) and an encrypted control sector, which is cylinder 0, head 0, sector 
JustAfterTheMBRAndPartionTable.  This control sector is divided into 16 32-byte 
(256-bit) fields or records.

3. If a hash of the key entered matches the undecrypted contents of record 0, 
(bytes 0-31) the EFS enters an infinite whole-drive encryption loop, using a 
hash of the key provided and any handy entropy, to produce a new key.  The EFS 
will produce new keys as frequently as possible by hashing any entropy it can 
gather while nuking the data on the drive. While this is happening, dummy 
messages should be displayed, such as "Starting Windows 95...", "An exception 
has ocurred at XXXX:XXXXXXXX  Press any key to continue." (when the entropy 
stock needs replenishment) or any other reasonably common startup messages. 
(NukeTheData) (TM)

4. If the first key is not the NukeTheData key, the EFS prompts for a second 
key.

5. After receiving the second key, the EFS hashes it and compares the hash to 
the data in the control sector records, and mounts any encrypted logical 
drive(s) with matching key hashes.

6. If an incorrect second key is entered X times(X between 3 and 20), 
(NukeTheData = True) is assumed, and executed.

Using this system, without the first key, it should be impossible to tell how 
many separate encrypted logical drives there are on the disk. Without the second 
key(s) the data in the ELD's should be worthless.  On bootup, the pass phrase 
entry screen should be designed to look exactly like the CMOS bootup password 
screen, and no messages indicating the existence of EFS should be displayed 
until after a correct 2nd key has been entered.  Why advertise your security 
measures?  Unless "they" have been tipped off to the fact that you use EFS, they 
can easily destroy all of the data through ignorance, especially if you have a 
PostIt note with the NukeTheData password/phrase (which wouldn't have to be 
"good"--you could use "GovtStupid" or something similar) stuck to the side of 
your monitor, and keep your mouth shut during interrogation.
Jonathan Wienke

"1935 will go down in history! For the first time a civilized nation has full 
gun registration! Our streets will be safer, our police more efficient, and the 
world will follow our lead in the future!"
--Adolf Hitler

"46.  The U.S. government declares a ban on the possession, sale, 
transportation, and transfer of all non-sporting firearms. ...Consider the 
following statement:  I would fire upon U.S. citizens who refuse or resist 
confiscation of firearms banned by the U.S. government."
--The 29 Palms Combat Arms Survey  
http://www.ksfo560.com/Personalities/Palms.htm

1935 Germany = 1996 U.S.?

Key fingerprint =  30 F9 85 7F D2 75 4B C6  BC 79 87 3D 99 21 50 CB