1996-12-11 - Re: Harddisk encryption ??

Header Data

From: ichudov@algebra.com (Igor Chudov @ home)
To: pavelk@dator3.anet.cz
Message Hash: 678b78c435e41c37b0b3f5dd23c12c310095594a4510b1c534597eaf8d8a5bb0
Message ID: <199612111610.KAA00971@manifold.algebra.com>
Reply To: <199612111316.OAA00245@zenith.dator3.anet.cz>
UTC Datetime: 1996-12-11 16:15:18 UTC
Raw Date: Wed, 11 Dec 1996 08:15:18 -0800 (PST)

Raw message

From: ichudov@algebra.com (Igor Chudov @ home)
Date: Wed, 11 Dec 1996 08:15:18 -0800 (PST)
To: pavelk@dator3.anet.cz
Subject: Re: Harddisk encryption ??
In-Reply-To: <199612111316.OAA00245@zenith.dator3.anet.cz>
Message-ID: <199612111610.KAA00971@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text


i definately see a problem.

you encrypt all your data on that another computer, and then send this 
data over your LAN in the clear. the data can be compromised by snooping
at the network connection.

that sux, although you are protected against "physical theft". 

I suggest that you use PGP and DOS partitions to keep your files
instead.

poka

igor

Pavel Korensky wrote:
> 
> Hello,
> 
> I am trying to post this message once more. It seems that my first message
> somehow didn't find the way to the mail-list.
> 
> I have one problem which I would like to consult with you.
> I need to protect the data on the computer harddisk against physical theft.
> 
> Current situation:
> 
> Computer with several harddisks - approx. 9 GB. On this computer, the following
> OS are used: Linux, DOS, Windows NT. The data on this computer must be
> accessible from all operating systems. Encryption of files must be transparent
> to user and encryption algorithm must be "strong".
> 
> Because I am not able to find any disk encryption software which is able to run
> on all these platforms, I decided to use the following temporary solution:
> 
> Add one more computer with Linux OS. On this computer, there will be only a
> small root partition with necessary Linux components. All other disk space will
> be encrypted with IDEA, using the /dev/loop. This machine will be some kind of
> secure file server.
> On the second machine, where the user works, there will be partitions with
> operating systems, necessary utilities and the TCP/IP stack for DOS/Windows, NT
> and Linux. The data and application disks will be mounted via NFS and user will
> work with files from file server.
> The computers will be interconnected with Fast Ethernet. This mini-network is
> NOT connected to the Internet, so the NFS (in)security should not be a problem. 
> Also, both computers will be placed in the same room (distance approx. 3 m), so
> there should be no problem with tapping/data capturing on the Fast Ethernet
> connection.
> 
> I have the following questions.
> 
> Can anybody see some major security hole in this system ?
> How fast will be this system ?
> Anybody has any idea if there is some more sophisticated solution for this
> problem ? 
> Anybody heard about some strong disk encryption which is able to rund under
> Windows NT, Linux and DOS ? It seems that the Win NT are the major problem. I am
> not able to find any disk encryption for NT.
> Anybody is able to port Secure File System to Windows NT ? I am trying to port
> this program under Linux, but I am not the NT system programmer.
> 
> Thanx for any comments, help, ideas etc.
> 
> 
> Best regards
> 
> 
> PavelK
> 
> 
> --
> ****************************************************************************
> *                    Pavel Korensky (pavelk@dator3.anet.cz)                *
> *     DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic      *
> *  PGP key fingerprint: 00 65 5A B3 70 20 F1 54  D3 B3 E4 3E F8 A3 5E 7C   *
> ****************************************************************************
> 



	- Igor.





Thread