Accessing NTFS Directories with Windows 95
Matthew B. Tepper
Compatibility," it says:
"Windows 95 can access files on HPFS or NTFS partitions on remote drives.
However, there is no built-in support in the release of Windows 95 for
adding either of these file systems as another installable file system
under Windows 95. Therefore, Windows 95 cannot access either an HPFS or
NTFS partition on a local disk drive by using the file system drivers
provided with Windows 95. (Other vendors, however, can add HPFS support.)"
Sounds pretty straightforward. However, one of our users needs to
continue to use Windows NT on his machine and still wishes to be able to
access files from a NTFS partition even if he installs Windows 95 on the
same machine. Does anybody know if there is a workaround or another such
enhancement planned?
Thanks in advance.
--
Matthew B. Tepper
Positive Support Review, Inc.
James Gerber
If he has NTFS partitions, they will be invisible under Windows 95.
Nothing I've seen will help you except for changing to FAT.
--
James Gerber Better Here Than Philadelphia!
jge...@omni.voicenet.com Why are you wasting your life reading signatures?
Jeffrey W. Fox
>On the August 1995 TechNet CD-Rom, under "Long Filenames and Network
>Compatibility," it says:
>"Windows 95 can access files on HPFS or NTFS partitions on remote drives.
>However, there is no built-in support in the release of Windows 95 for
>adding either of these file systems as another installable file system
>under Windows 95. Therefore, Windows 95 cannot access either an HPFS or
>NTFS partition on a local disk drive by using the file system drivers
>provided with Windows 95. (Other vendors, however, can add HPFS support.)"
>Sounds pretty straightforward. However, one of our users needs to
>continue to use Windows NT on his machine and still wishes to be able to
>access files from a NTFS partition even if he installs Windows 95 on the
>same machine. Does anybody know if there is a workaround or another such
>enhancement planned?
The only way this could be done is if the NT installation were using a FAT partition,
Windows 95 does not currently have an NTFS installable file system driver available
so Win 95 would not be able to read the partition (in any way including getting file
names from it). I've heard that MS has kicked around the idea of writing a
installable Win 95 file system driver for NTFS, but it wouldn't seem to make much
sense at this point due to the low demand. Best bet back-up the NT partition,
re-format it as FAT, reinstall NT and restore the original partition and then install
Windows 95.
Hope this helps, and have an NT Day !!!!
Jeff Fox
Tim Cutts (Zoology)
>tep...@psrinc.com (Matthew B. Tepper) wrote:
>>On the August 1995 TechNet CD-Rom, under "Long Filenames and Network
>>Compatibility," it says:
>>
>>"Windows 95 can access files on HPFS or NTFS partitions on remote drives.
>>However, there is no built-in support in the release of Windows 95 for
>>adding either of these file systems as another installable file system
>>under Windows 95. Therefore, Windows 95 cannot access either an HPFS or
>>NTFS partition on a local disk drive by using the file system drivers
>>provided with Windows 95. (Other vendors, however, can add HPFS support.)"
>>
>>Sounds pretty straightforward. However, one of our users needs to
>>continue to use Windows NT on his machine and still wishes to be able to
>>access files from a NTFS partition even if he installs Windows 95 on the
>>same machine. Does anybody know if there is a workaround or another such
>>enhancement planned?
>If he has NTFS partitions, they will be invisible under Windows 95.
>Nothing I've seen will help you except for changing to FAT.
There is of course a very sound reason for this. Windows 95 does not
support NT's access controls, so having 95 on the same machine as NT
and able to modify all NT's files makes a mockery of NT's file
protection. When MS said 'no back doors' they meant it!
Tim.
ron
>If he has NTFS partitions, they will be invisible under Windows 95.
>Nothing I've seen will help you except for changing to FAT.
Gee, I must have a see-through version of WIN95. It "sees" all of the
files allowed by the NTFS Permissions for a particular login in the
domain.
Ron
Kosten Metreweli
are on the server!
K
---------------------------------------------------------
Kosten Metreweli
Philips Research Laboratories
Phone: +44 (1293) 785544 EMail: kos...@prl.philips.co.uk
Direct:+44 (1293) 815162
---------------------------------------------------------
James Gerber
>jge...@omni.voicenet.com (James Gerber) wrote:
>
>>If he has NTFS partitions, they will be invisible under Windows 95.
>>Nothing I've seen will help you except for changing to FAT.
>Gee, I must have a see-through version of WIN95. It "sees" all of the
>files allowed by the NTFS Permissions for a particular login in the
>domain.
I think we are talking about 2 different things. You are talking
about using WIN95 to see files on a network server running NT.
I am talking about dual booting a single machine to Windows 95 and
attempting to see NTFS partitions.
Craig Knox
<r...@arrabiata.mpe-muc.de> wrote:
> jge...@omni.voicenet.com (James Gerber) wrote:
>
> >If he has NTFS partitions, they will be invisible under Windows 95.
> >Nothing I've seen will help you except for changing to FAT.
> Gee, I must have a see-through version of WIN95. It "sees" all of the
> files allowed by the NTFS Permissions for a particular login in the
> domain.
> Ron
Maybe you should read the preceding post? He wasn't talking about being
able to see them over a network, but being able to see them from the HDD.
Adam Hamilton
|> Windows 95 does not currently have an NTFS installable file system driver available
|> so Win 95 would not be able to read the partition (in any way including getting file
|> names from it). I've heard that MS has kicked around the idea of writing a
|> installable Win 95 file system driver for NTFS, but it wouldn't seem to make much
|> sense at this point due to the low demand.
Actually, MS has said that there will NEVER be an NTFS driver for Windows 95.
You want security, buy a secure system.
Thomas F Lee
ad...@festival.ed.ac.uk "Adam Hamilton" writes:
> Actually, MS has said that there will NEVER be an NTFS driver for
> Windows 95.
> You want security, buy a secure system.
Adam,
I think the issue is more NTFS's space utilisation and reliability rather
than it's security that some people (ie ME!) want. I have 2 2GB drives
here. I'd like them to be C: and D: - under FAT, this isn't really workable.
I'd settle for HPFS for Win 95, or even an non-secure version of NTFS.
And I'd even be willing to a) pay for it and b) buy more memory for
it.
But you're probably right that MS won;t do a version of NTFS for
Win 95. Shame.
My 2p worth,
Thomas
--
+-----------------+------------------------------+
! Thomas F Lee ! Voice: 01628 850 077 !
! t...@psp.co.uk ! Fax : 01628 850 143 !
+-----------------+------------------------------+
Peter da Silva
Tim Cutts (Zoology) <tj...@mole.bio.cam.ac.uk> wrote:
> There is of course a very sound reason for this. Windows 95 does not
> support NT's access controls, so having 95 on the same machine as NT
> and able to modify all NT's files makes a mockery of NT's file
> protection. When MS said 'no back doors' they meant it!
No sweat. Someone's gonna get an NTFS driver working under Linux, and
you can run that off a floppy. *Poof*.
--
Peter da Silva (NIC: PJD2) `-_-' 1601 Industrial Boulevard
Bailey Network Management 'U` Sugar Land, TX 77487-5013
+1 713 274 5180 "Har du kramat din varg idag?" USA
Bailey pays for my technical expertise. My opinions probably scare them
Dave Bartolomeo
>In article <42edho$b...@lyra.csx.cam.ac.uk>,
>Tim Cutts (Zoology) <tj...@mole.bio.cam.ac.uk> wrote:
>> There is of course a very sound reason for this. Windows 95 does not
>> support NT's access controls, so having 95 on the same machine as NT
>> and able to modify all NT's files makes a mockery of NT's file
>> protection. When MS said 'no back doors' they meant it!
This argument is completely bogus. Unless the computer is running NT,
the NTFS partition is not secure. A sector editor (run under any OS),
can easily get at the data on the NTFS drive. Under NT, you can't get this
kind of direct access to the hard drive without Administrator permission,
so it's secure. What other OS's allow is up to those OS's. All I have to
do to get at your files is use a simple sector editor running under an OS
that's not very protective of the hardware (DOS or Win95, for instance).
In fact, if I reinstall NT from floppies on your machine, I become the
Administrator, and I can get at those files under NT. The bottom line
is, if I can physically touch your computer, it's not secure.
Now, for my speculation about why there's no Win95 driver for NTFS...
It's just not worth it. The big advantages of NTFS (over FAT) are fault
recovery, security, and better allocation schemes. Under Win95, security
is not available, so you're left with fault recovery and allocation. Fault
recovery comes at the price of speed, so NTFS under Win95 would pretty much
be FAT, only a factor of two slower, and 10% more space efficient*. I don't
think that this is much of a win, so it's probably not worth investing in
the development effort to write an NTFS driver for Win95.
* I pulled these figures out of my ass, but I think they are in the right
ballpark.
>No sweat. Someone's gonna get an NTFS driver working under Linux, and
>you can run that off a floppy. *Poof*.
I heard that there was a read-only Linux driver available already. I
don't know any details.
-Dave
R S Rodgers
Matthew B. Tepper <tep...@psrinc.com> wrote:
>Sounds pretty straightforward. However, one of our users needs to
>continue to use Windows NT on his machine and still wishes to be able to
>access files from a NTFS partition even if he installs Windows 95 on the
>same machine. Does anybody know if there is a workaround or another such
>enhancement planned?
It's too bad that AST gets the Boneheads-of-the-Year-1995 award for
their defective BIOS, motherboard, and hilariously bad tower case design,
because MS's decisions wrt: file systems with Windows 95 and NT would
otherwise take the gold. For the moment, they get a silver.
Here's the situation. If you want to install 95 and NT on the same system,
you live with a pair of restrictions, some of which can be a real PITA if you
are forced to use 95 for any real length of time or have a lot of storage on
your machine.
1) If you use NTFS, Windows 95 will NOT SEE THAT PARTITION. A bonus is
that if you have an NTFS partition that is your system partition
but which is physically before another DOS FAT partition, you have
to put up with near-unavoidable drive lettr shuffling (caused
by problems with changing the drive letter of your NT system
partition)
2) If you use DriveSpace, which (when configured not to bother compressing)
takes care of FAT cluster ballooning, Windows NT will not be able
to see the Drivespace volumes.
What do these two restrictions mean?
If you do not want to invest the disk space in reproducing your setup
twice, that is, installing everything on both NTFS and on a drivespaced
volume (_you_ see how fat a 1.6GB FAT volume goes when you create hundreds
of sequential uncompressd TGAs prior to avi compression), you're stuck
with FAT. Plain FAT. FAT that doesn't even try to do anything about
clustersize or fragmentation.
--
---- Windows 95 and NT: IBM's OS choices for IBM hardware, x86 and PowerPC ----
"That's not our primary target. There are people out there who love
[OS/2 Warp] on the desktop, but our focus is on large enterprise customers."
-- chief executive officer Louis Gerstner (IBM) (July, 1995)
R S Rodgers
>booted inside OS/2, and not from pure DOS sessions. There may of
>course be another driver of which I am not aware.
There are several. None of them have anything to do with IBM. Some (two,
at least, possibly more) can be found on wuarchive.wustl.edu.
The problem is, they don't work with Windows 95. The proper way to
implement HPFS under 95 would be as an IFS. There were some ludicrious
and idiotic claims made during the beta about the memory requirements
of such a driver (along the lines of "you'd need 16MB instead of 8MB
for 95+HPFS" or "But the DOS real mode driver would be huge!") of which,
during discussions related to HPFS IFS for 95, these programs were very
useful in disproving. In particular, the 100-odd-kbyte command.com
clone that could read HPFS volumes and was written by someone puzzling
out the format instead of working with thorough documentation, was
particularly useful in dismissing that "problem".
Ralph Goers
:>
:>In article <42h9lv$3...@scotsman.ed.ac.uk>
I remember seeing a device driver that allowed DOS to read HPFS. Maybe it
works in Win95???
Jeffrey W. Fox
>>If he has NTFS partitions, they will be invisible under Windows 95.
>>Nothing I've seen will help you except for changing to FAT.
>Gee, I must have a see-through version of WIN95. It "sees" all of the
>files allowed by the NTFS Permissions for a particular login in the
>domain.
>Ron
Ron the original question concerned a Windows 95 "seeing" NTFS partitions residing
locally on the machine... not access NTFS partitions across a network. Of course
you can read NTFS partitions across a network any client OS capable of connecting
to an NT machine can do that (NT provides the translation).
Windows 95 (or for that matter any other OS besides NT)
CANNOT read NTFS drives residing locally.
Have an NT Day !!!
Jeff Fox
Tim Cutts (Zoology)
>In message <810314...@psp.co.uk> - Thomas F Lee <t...@psp.co.uk> writes:
>:>
>:>In article <42h9lv$3...@scotsman.ed.ac.uk>
>:> ad...@festival.ed.ac.uk "Adam Hamilton" writes:
>:>
>:>> Actually, MS has said that there will NEVER be an NTFS driver for
>:>> Windows 95.
>:>> You want security, buy a secure system.
>:>
>:>Adam,
>:>
>:>I think the issue is more NTFS's space utilisation and reliability rather
>:>than it's security that some people (ie ME!) want. I have 2 2GB drives
>:>here. I'd like them to be C: and D: - under FAT, this isn't really workable.
>:>I'd settle for HPFS for Win 95, or even an non-secure version of NTFS.
>:>And I'd even be willing to a) pay for it and b) buy more memory for
>:>it.
>:>
>:>But you're probably right that MS won;t do a version of NTFS for
>:>Win 95. Shame.
>:>
>:>My 2p worth,
>:>
>:>Thomas
>:>--
>
>works in Win95???
I doubt it very much. IBM's FSFILTER.SYS only works for real DOS
booted inside OS/2, and not from pure DOS sessions. There may of
course be another driver of which I am not aware.
Tim.
Joe Peterson
Not that it matters much, since HPFS and NTFS aren't the same,
but there is a shareware product called AMOS which is a native
DOS TSR that will let you read and write to HPFS drives. (The
unregistered version only lets you read from the drive.)
Basically, it goes through your disks looking for HPFS drives,
and gives each of them a new drive letter.
---------------------------------
Joe Peterson
Dolphin Systems, Inc.
West Palm Beach Florida
Joe Peterson
al...@noc.tor.hookup.net (Craig West) wrote:
>Joe Peterson (us01...@pop3.interramp.com) wrote:
>:
>: Not that it matters much, since HPFS and NTFS aren't the same,
>: DOS TSR that will let you read and write to HPFS drives. (The
>: unregistered version only lets you read from the drive.)
>: Basically, it goes through your disks looking for HPFS drives,
>: and gives each of them a new drive letter.
>:
>: ---------------------------------
>: Joe Peterson
>: Dolphin Systems, Inc.
>: West Palm Beach Florida
>
>settle for HPFS. It still requires moving the any existing data to set up,
>but HPFS has most of the features of NTFS except security, and is certainly
>an improvement over FAT. Where would I be able to find this AMOS?
>
>
I got it from Compuserve, back when I had an account with them. I've still
got a copy of it somewhere, and I could UUEncode a self-extracting ZIP of it
and email that to you, if you like. Send email if you're
interested.
Otherwise, contact the author directly at mer...@login.dknet.dk
------------------------
Joe Peterson
Dolphin Systems, Inc.
West Palm Beach, Florida
Joe Peterson
>Otherwise, contact the author directly at mer...@login.dknet.dk
I should add that a finger shows he hasn't logged into that account since July
3. The only alternate email address I have is 10032...@compuserve.com
Craig West
:
: Not that it matters much, since HPFS and NTFS aren't the same,
: but there is a shareware product called AMOS which is a native
: DOS TSR that will let you read and write to HPFS drives. (The
: unregistered version only lets you read from the drive.)
: Basically, it goes through your disks looking for HPFS drives,
: and gives each of them a new drive letter.
:
: ---------------------------------
: Dolphin Systems, Inc.
: West Palm Beach Florida
I think most people interested in using NTFS from Win95 would be willing to
settle for HPFS. It still requires moving the any existing data to set up,
but HPFS has most of the features of NTFS except security, and is certainly
an improvement over FAT. Where would I be able to find this AMOS?
--
Craig West Ph: (905) 821-8300 | It's not a bug,
Pulse Microsystems Fx: (905) 821-7331 |It's a feature...
2660 Meadowvale Blvd, Unit #10 |
Mississauga, Ontario, CANADA L5N 6M6 | cr...@pulsemicro.com
Charlie Beerman
us01...@pop3.interramp.com (Joe Peterson) wrote:
>
>I should add that a finger shows he hasn't logged into that account since
> July
That doesn't mean anything if he uses a SLIP or PPP account. If you finger
my account you'll see that I haven't "logged in" since July either, but I'm
on and read my mail almost every day. The finger command apparently only
knows about shell-mode logins.
=======================================================================
Charlie Beerman char...@ultranet.com
http://www.ultranet.com/~charlieb/
=======================================================================
Kevin Krieser
>ron <r...@arrabiata.mpe-muc.de> wrote:
>I think we are talking about 2 different things. You are talking
>about using WIN95 to see files on a network server running NT.
>
>I am talking about dual booting a single machine to Windows 95 and
>attempting to see NTFS partitions.
Someone would have to write a driver, like some have done for HPFS
under DOS. A read-only driver should be easier, so you wouldn't
risk corrupting the NTFS partition. It would be difficult to
write to a NTFS partition from Windows 95 anyway, since part
of the protection scheme isn't even in the filesystem, but is in the
registry.
Any security scheme, even if Microsoft doesn't release information about
NTFS, is ultimately futile if you have physical access to the computer. If
nothing else, just start reading the NTFS partition sector by sector from DOS/Windows,
and search for what you want to find.
-----------------------------------------
-- Kevin Krieser
-- Running with Warp Connect
-- Address: kkri...@ionet.net
Kevin Krieser
>you can read NTFS partitions across a network any client OS capable of connecting
>to an NT machine can do that (NT provides the translation).
>Windows 95 (or for that matter any other OS besides NT)
>CANNOT read NTFS drives residing locally.
You may say this, but during the Windows 95 beta, I attempted to share disks
between a Windows 95 computer and an OS/2 Warp Connect computer. Under the
FINAL BETA, I could not see any long filenames either direction (using the standard
W4Wgrps file sharing over TCP/IP). I was informed by SEVERAL people on the
Windows 95 preview forum on Compuserve that it was IMPOSSIBLE, since I did
not have an HPFS driver installed on my Windows 95 computer, and I didn't have
support in OS/2 for long filenames over FAT. I don't recall if any Microsoft personel
were involved in this discussion. Of course, I was talking about support over
a LAN!
With the June Test release, Microsoft had fixed half the problem. I could see the HPFS
partitions on the OS/2 Warp Connect computer from the Windows 95 computer, but Windows 95
still didn't export the long filenames to OS/2. I don't know about the release build of Windows 95,
since I haven't run Windows 95 since about the 23rd of August.
Tony Perry
>ad...@festival.ed.ac.uk (Adam Hamilton) wrote:
>>In article <42e65e$7...@condor.ic.net>, fo...@mail.ic.net (Jeffrey W. Fox) writes:
>>|> Windows 95 does not currently have an NTFS installable file system driver available
>>|> so Win 95 would not be able to read the partition (in any way including getting file
>>|> names from it). I've heard that MS has kicked around the idea of writing a
>>|> installable Win 95 file system driver for NTFS, but it wouldn't seem to make much
>>|> sense at this point due to the low demand.
>> Actually, MS has said that there will NEVER be an NTFS driver for Windows 95.
>>You want security, buy a secure system.
>dont be too sure about your NT systems being secure - i understand
>that LINUX has NTFS support, and you can boot it from a floppy !!
Jeez ... disable the floppy boot and put a password on your CMOS.
Yeah, then they can get inside your box and steel your disk drive.
So, put a lock on your box.
But, then they'll just steal your whole computer.
Put it in a vault, go in with it and pull the door closed after you.
Or, get a life ...
Chris Pirih
| In article <437qr1$s...@ionews.ionet.net>,
| Kevin Krieser <kkri...@ionet.net> wrote:
| > Any security scheme, even if Microsoft doesn't release information about
| > NTFS, is ultimately futile if you have physical access to the computer. If
| > nothing else, just start reading the NTFS partition sector by sector from DOS/Windows,
| > and search for what you want to find.
|
Do you know of any disk encryption software (or hardware, for that matter)
that works with NT? NTFS does not encrypt file data on the disk. A sector
editor can be used to recover NTFS file data with little effort. File
compression makes this somewhat harder, but far from impossible.
---
chris
Heath Hunnicutt
>In article <437qr1$s...@ionews.ionet.net>,
>Kevin Krieser <kkri...@ionet.net> wrote:
>> Any security scheme, even if Microsoft doesn't release information about
>> NTFS, is ultimately futile if you have physical access to the computer. If
>> nothing else, just start reading the NTFS partition sector by sector from
>>DOS/Windows, and search for what you want to find.
>Can you say "encryption"?
In the first place, I don't think NTFS encrypts the data on the drive. If
you have information to the contrary, I'd be very interested.
This brings up an interesting point, though. An inspired developer with
the DDK could definitely roll their own SCSI driver that encrypts blocks
on certain drives (say drives with SCSI ID!=1, so there would be a drive
to boot DOS on.) Probably, a really inspired developer could write a
"compression" driver for NTFS 3.51 that doesn't compress at all, but
encrypts instead.
This begs the question, though: where do you store the key? If it's on
the computer system, that system becomes vulnerable. If you opt for
typing in a passphrase, your keys will most likely be smaller. A dongle
would be ideal, since you could put it in your pocket when you shutdown
the computer. You could then store the dongle in a firesafe under a
pile of thermite reactants, with a blowtorch nearby.
The main problem I see with all this is the pagefile. You sure wouldn't
want it to go through an encryption layer (can you say "slow?"), and you
don't want who-knows-what sitting around in cleartext if you are interested
in compression. Tough problem. I suppose the driver could figure out
when the system is shutting down and wipe the pagefile, but I dunno...
Oh, yes, the encryption driver had sure better not store that key in
pageable memory.
(Aside: I'm sure someone will mail me saying that NT doesn't support
dongles. Well, the truth is that NT's parallel port driver doesn't
support dongles. If you were writing a file system driver, this is a
problem you could _easily_ get around.)
I have redirected followups to the Win95 and Windows NT misc groups,
since this thread seems to have an overly wide distribution.
Heath
If you are wondering why the "[++]" appears in the message subject, check
into SELF-DISCIPLINE at: http://www.eiffel.com/disciplin/index.html
Peter da Silva
Heath Hunnicutt <hea...@liquefy.ugcs.caltech.edu> wrote:
> pe...@nmti.com (Peter da Silva) writes:
> >In article <437qr1$s...@ionews.ionet.net>,
> >Kevin Krieser <kkri...@ionet.net> wrote:
> >> Any security scheme, even if Microsoft doesn't release information about
> >> NTFS, is ultimately futile if you have physical access to the computer. If
> >> nothing else, just start reading the NTFS partition sector by sector from
> >>DOS/Windows, and search for what you want to find.
> >Can you say "encryption"?
> In the first place, I don't think NTFS encrypts the data on the drive. If
> you have information to the contrary, I'd be very interested.
No, you need UNIX for that (CFS by Matt Blaze, works on top of any UNIX file
system, even over NFS). You could have a CFS box running Samba...
> The main problem I see with all this is the pagefile.
If it's worth it to you, don't have one. Just buy enough RAM you never
page.
Mike Frisch
: dont be too sure about your NT systems being secure - i understand
: that LINUX has NTFS support, and you can boot it from a floppy !!
If a user has physical access to your system, it's insecure-
plain and simple.
Mike.
--
====================================================================
Mike Frisch Email: mfr...@saturn.tlug.org
Northstar Technologies Compuserve: 76620,2534
Newmarket, Ontario, CANADA
Kevin Krieser
>In article <437qr1$s...@ionews.ionet.net>,
>Can you say "encryption"?
But you still have to be careful. For instance, if you implement encryption after the fact, such
as encrypting an existing file on disk, you have to be very careful to completely overwrite
the old file on disk. And, if you are really paranoid, you have to completely disable all virtual
memory. Otherwise, the unencrypted data may be paged out to the swap area. So, if this is
also not completely overwritten, it may be relatively easy to find on disk.
For the really paranoid, people with appropriate hardware might be able recover data from the
disk even if the file is overwritten once. Which is why certified disk wiping software can't just
format the drive, but must overwrite the disk with a specified sequence of data several times.
Peter Gutmann
>pe...@nmti.com (Peter da Silva) writes:
>>In article <437qr1$s...@ionews.ionet.net>,
>>Kevin Krieser <kkri...@ionet.net> wrote:
>>> Any security scheme, even if Microsoft doesn't release information about
>>> NTFS, is ultimately futile if you have physical access to the computer. If
>>> nothing else, just start reading the NTFS partition sector by sector from
>>>DOS/Windows, and search for what you want to find.
>>Can you say "encryption"?
>This brings up an interesting point, though. An inspired developer with
>the DDK could definitely roll their own SCSI driver that encrypts blocks
>on certain drives (say drives with SCSI ID!=1, so there would be a drive
>to boot DOS on.)
That's what I'm planning to do with SFS at some point (SFS is a DOS/Windows
transparent disk encryptor, you can get more info about it from
http://www.cs.auckland.ac.nz/~pgut01/sfs.html). The encryption will be done
as a Miniport driver when (if) MS release a final PDK.
>This begs the question, though: where do you store the key? If it's on
>the computer system, that system becomes vulnerable. If you opt for
>typing in a passphrase, your keys will most likely be smaller. A dongle
>would be ideal, since you could put it in your pocket when you shutdown
>the computer. You could then store the dongle in a firesafe under a
>pile of thermite reactants, with a blowtorch nearby.
Even nicer is a smart card with built-in protection against the info
being read out (of course you can still use electron beam testers and
thermal neutron imaging and the like to read the contents, but you can
encrypt the card contents as well to get around that).
>The main problem I see with all this is the pagefile. You sure wouldn't
>want it to go through an encryption layer (can you say "slow?"), and you
>don't want who-knows-what sitting around in cleartext if you are interested
>in compression. Tough problem.
You can wait till the paging system has shut down and then wipe the pagefile
afterwards (which is what SFS does with Windows). An easier alternative
is to lock the keys in memory so that they never get paged out (which the
next version of SFS will do for Windows - this is much easier than relying on
a pagefile wipe to get rid of them).
Peter.