From: Joel McNamara <joelm@eskimo.com>
To: cypherpunks@toad.com
Message Hash: cdd41ab7504e02e1a4227b983189ea185249b7c2979d2ea49c9ba93a6240e789
Message ID: <3.0.32.19961110111720.00e2eeec@mail.eskimo.com>
Reply To: N/A
UTC Datetime: 1996-11-10 19:18:37 UTC
Raw Date: Sun, 10 Nov 1996 11:18:37 -0800 (PST)
From: Joel McNamara <joelm@eskimo.com>
Date: Sun, 10 Nov 1996 11:18:37 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: ideal secure personal computer system
Message-ID: <3.0.32.19961110111720.00e2eeec@mail.eskimo.com>
MIME-Version: 1.0
Content-Type: text/plain
See the CryptoBook link at http://www.eskimo.com/~joelm
While the concepts were originally developed for a laptop, they're easily
applied to a desktop machine running Win95.
Joel
>Here's a question: if one were designing for oneself a secure personal
>computer system, for use in, say, word processing, spreadsheet,
>communications, the usuals - what system would one purchase and how would
>one set it up?
>
>For example, on the Mac I would envision this as the ideal system:
>
>(1) Get a power mac
>(2) Partition the hard drive into two partitions:
> install the system folder on one and a copy of CryptDisk
> make this the startup partition and make it READ ONLY with aliases to
> folders you want to be modiyfable (such as Eudora Folder in the sys
folder)
> place these folders on the encrypted partition
>(3) Completely fill the other partition with a CryptDisk file so there is no
> room for other stuff to be written. Adjust the partition size if needed.
>(4) Install a screen saver (such as shareware Eclipse) that will password
lock
> the screen after a few minutes of inactivity, and set CryptDisk to
dismount
> the external partition after a few minutes of inactivity (or longer)
>
>This would be a basic setup. If one had more complex ideas, such as setting
>it up so casual onlookers would not notice the system was protected, you
>could do things like have a decoy normal partition with system folder to
>boot from by default, to be bypassed with an external locked system folder
>disk, after which one could dismount the decoy partition and mount the
>encrypted partition.
>
>If locking the startup volume turns out to be too much of a pain, one could
>install trashguard from Highware software and set it to triple overwrite
>deleted files, and otherwise not lock the startup partition.
>
>How would things work on Windows 95? I imagine most of the old DOS-based
>encryption utilities may have compatibility problems with W95. What would a
>similar ideal system be for a PC?
>
>Tom
>
>
>
>
Return to November 1996
Return to “tom bryce <tjb@acpub.duke.edu>”