A review of Scramdisk
Sam Simpson
Thanks for your post. You make plenty of good points, if I can address a
couple of the more important ones:
i) The UI. Yes, its isn't perfect. But to be honest, redesigning the UI is
a fairly trivial task (at least compared to doing the low level driver
work!). The program was released 'as is' so that development can be
continued by you chaps on the web. The author, unfortunately, has had to
drop development.
ii) The Random Number creation. As you point out this is a 'do once' event.
This part of the program was produced before Yarrow was introduced. Again,
maybe someone on the web will add this feature.
iii) VXD. The driver is written as a VXD and you therefore don't need the
ScramDisk app to be able to access a ScramDisk volume....
iv) Cipher Drop-in. Totally agree on this point. The author was talking
about changing the program slightly to facilitate this (e.g. use a Drop Down
box rather than loads of Radio Buttons) and change the code so that all
crypto is in one module rather than duplicated twice).
v) Blowfish. Not sure which version is used. I'm sure someone will check
the source code. The version used matches the Counterpane test Vectors.
Thanks again for your comments on the program. If you or anyone else is
considering developing the program further please contact me so I can
co-ordinate the development effort and try and keep a 'definitive' version
of the program.
Sam Simpson,
Comms Analyst.
C. Peter Constantinidis wrote in message
<35aecf43...@lh2.rdc1.sdca.home.com>...
>The program's webpage discussed here is at: http://www.hertreg.ac.uk/ss/
>
>Hi, I used to have a Mac years ago, but for the last long while I've had a
>Windows machine. One thing I always missed about the Mac was the fact that
>it had virtual disk encryption tools that Windows never really had in a
>widely accessible easy to use form until now. Windows always had
individual
>per-file encryption but that was a pain in the ass. Containers are where
>it's at, because you can just move use and run from within the containers
>without having to deal with the hassle of individually working on files.
>
>Anyways today for the first time I installed Scramdisk. I have not tried
>any of the other alternatives but I like the fact that it's free and that
>the source code is availiable for review, and especially that it's Win98
>compatible.
>
>The user interface to the program needs work. It needs to be redesigned a
>little better and doesn't totally take into account that I'm using 'large
>fonts' on the main window. Not all things are intuitive. You will need a
>medium level of competence in computers to be able to use this program,
>fortunately it doesn't suffer from bloatware featuritis so the learning
>curve is fairly quick. I also suggest the program's author takes a look at
>Yarrow from Counterpane to generate the random #s rather than forcing
people
>to click a lot (not that it's a big deal really since it's a one time only
>deal).
>
>I created a test container file and on my k6-233 oc'ed to 249/83, it took
>about '10 seconds' for windows 98 to move a 10 meg mpeg1 video file
>according to the windows dialog into the container. I then played the
video
>file from the container and looked at the statistics when it was done and
it
>didn't drop a single frame, so I am quite satisfied that the blowfish
>implementation in the container is quick, and efficient. I did wonder if
>the blowfish implementation the author put in contains the 'bug' mentioned
>on the blowfish page, but I assume it doesn't because there is a link to
>that same page, so the author must have seen it. One thing I will have to
>experiment with further, is that Scramdisk allows you a 'timeout' option
>where it will close the partition after a certain period of inactivity, but
>I notice that I am able to close the scramdisk application program, and
>continue working with the partition/container file but it doesn't
>automatically close, and I have to reload scramdisk to 'dismount' the
>partition, so from experimentation, the program needs to be running for
this
>timeout feature to work. I recommend the program minimize to the 'icon
>corral' next to the clock on the start bar that way it is 'always running'
>in a less visually obvious way so the temptation is lessened for people to
>close the program. I am puzzled why I seem to be able to move/use files
>into/from the container, even if the scramdisk application is not running
at
>that precise moment. Perhaps due to the vxds? I hope the author will
>clarify this point.
>
>I hope at some point the program is made more modular to support 'drop in'
>ciphers rather than requiring a source code rewrite every time as it is in
>the existing version; and partition/container file resizing if possible.
It
>also seems as if the program is limited to just 4 open containers, I
propose
>that it open up to the maximum Z drive letter.
>
>Anyways in summary, this program works, and does what it claims to do. I
>love this program and a thumbs up to Aman and everyone else who worked on
it
>with him and I hope it continues to be developed further.
>
>Best,
>P.
>
>--
>p...@shaw.wave.ca
>DSS/D-H: 0x81F1BC09 DFD1 D149 40BD 8139 05D5 D8FA 2BA4 E143 81F1 BC09
> RSA: 0x6DC376E5 0AE1 0FB7 A43A 0818 3EC4 F2DD 1458 EFCE
aman
Constantinidis) wrote:
>The program's webpage discussed here is at: http://www.hertreg.ac.uk/ss/
>
>Hi, I used to have a Mac years ago, but for the last long while I've had a
>Windows machine. One thing I always missed about the Mac was the fact that
>it had virtual disk encryption tools that Windows never really had in a
>widely accessible easy to use form until now. Windows always had individual
>per-file encryption but that was a pain in the ass. Containers are where
>it's at, because you can just move use and run from within the containers
>without having to deal with the hassle of individually working on files.
>
>Anyways today for the first time I installed Scramdisk. I have not tried
>any of the other alternatives but I like the fact that it's free and that
>the source code is availiable for review, and especially that it's Win98
>compatible.
>
That was a pain....
>The user interface to the program needs work. It needs to be redesigned a
>little better and doesn't totally take into account that I'm using 'large
>fonts' on the main window.
As I've said elsewhere, the fonts are selected to stay with the
icons....
> Not all things are intuitive. You will need a
>medium level of competence in computers to be able to use this program,
>fortunately it doesn't suffer from bloatware featuritis so the learning
>curve is fairly quick. I also suggest the program's author takes a look at
>Yarrow from Counterpane to generate the random #s rather than forcing people
>to click a lot (not that it's a big deal really since it's a one time only
>deal).
>
>I created a test container file and on my k6-233 oc'ed to 249/83, it took
>about '10 seconds' for windows 98 to move a 10 meg mpeg1 video file
>according to the windows dialog into the container. I then played the video
>file from the container and looked at the statistics when it was done and it
>didn't drop a single frame, so I am quite satisfied that the blowfish
>implementation in the container is quick, and efficient. I did wonder if
>the blowfish implementation the author put in contains the 'bug' mentioned
>on the blowfish page, but I assume it doesn't because there is a link to
>that same page, so the author must have seen it.
I have. and have checked the source, as can you. It wasn't that
particular implementation...
> One thing I will have to
>experiment with further, is that Scramdisk allows you a 'timeout' option
>where it will close the partition after a certain period of inactivity, but
>I notice that I am able to close the scramdisk application program, and
>continue working with the partition/container file but it doesn't
>automatically close, and I have to reload scramdisk to 'dismount' the
>partition, so from experimentation, the program needs to be running for this
>timeout feature to work.
This shouldn't be the case. The program is supposed to re-execute on
the timeout. to check for open files, and close down the disk in an
orderly manner....
The VxD driver calls _SHELL_ShellExecute to restart the scramdisk
application, if it isn't currently executing. The logic goes as
follows:
1: On system start up, no ciphered disks are present.
2: The Win32 application has therefore to be used to open any disks..
3: The Win32 application informs the driver of its execution path
4: The driver makes a copy of the path
5: When the application is closed the driver is informed
6: When Timeout occurs, (counted by the driver) the driver uses the
Path from 3 to restart the app.
7: The App then posts the driver its main window handle so the driver
can talk back to it
8 The application closes the disks, if it can, depending on open files
and "brutal" mode..
Note that this mechanism won't work if the exe was on a (no longer
present) removable disk.... The exe Must be in its original place for
timeout to function...
I am looking into this apparent bug, which I've never seen happen....
> I recommend the program minimize to the 'icon
>corral' next to the clock on the start bar that way it is 'always running'
>in a less visually obvious way so the temptation is lessened for people to
>close the program.
The program (win32 App) was deliberately designed so it *could* be
closed down. Indeed on timeout, it restarts in minimized mode, and
immediately shuts down again afterwards.
If there is a bug on the timeout on some systems, I'll have to take a
closer look at it...
> I am puzzled why I seem to be able to move/use files
>into/from the container, even if the scramdisk application is not running at
>that precise moment. Perhaps due to the vxds? I hope the author will
>clarify this point.
VxD. There is but one...
The driver code (Sd.VxD) does the ciphering for the disks in normal
use...
Therefore the Win32 app does not need to be running. Indeed the cipher
code _has_ to be in the device driver VxD, as the code runs in Ring 0,
rather than Ring 3... You can't have the cipher code in ring3
(scramdisk app space) as it may just well get paged out, when the disk
activity causes a context switch, which it often does!
The cipher code in the Win32 app is used in the partition/container
creation. This was originally done, so that people could see exactly
what code was creating their disks, as I originally didn't intend to
release the VxD code. The rationale was that the disk creation code
should have been enough to prove the absence of back doors etc.
After all, the VxD could be viewed as software which gets presented
with data created by totally independent code (the Win32 app. as is
the case now) thus proving the absence of a back door, which would
necessarily have to be set up by the creator of the data, not the
receiver of it (the VxD) Since then, I've been persuaded to release
the lot... but the legacy still remains..
>
>I hope at some point the program is made more modular to support 'drop in'
>ciphers rather than requiring a source code rewrite every time as it is in
>the existing version;
This is actually going to be harder that it first appears.
First the cipher code for the disk has got to be in a VxD and must
execute at Ring 0, and the static data be in a locked buffer. There
isn't a DLL equivalent for VxDs.....
>and partition/container file resizing if possible.
A bloody pain.Easier to create a new one and copy the files..
Otherwise it's about messing around with DOS structures, rebuilding
Fat tables etc... If I was that bright, I could have written partition
magic and made a fortune....
>It
>also seems as if the program is limited to just 4 open containers, I propose
>that it open up to the maximum Z drive letter.
An option for the future... bearing in mind that each potential disk
needs buffer space which needs to be static, below 16Mbyte boundary..
>
>Anyways in summary, this program works, and does what it claims to do. I
>love this program and a thumbs up to Aman and everyone else who worked on it
>with him
Just Sam and me...
>and I hope it continues to be developed further.
Thanks for all your kind comments.
If anyone else has any info on this apparent time out problem, could
they mail their findings to Sam ?
>
Regards,
Aman.
aman
(or anywhere else later) when it normally does after a few minutes
--------
aman
Constantinidis) wrote:
>On 17 Jul 1998 14:16:49 -0500, in alt.security.pgp an...@author.prg (aman)
>wrote:
>
>>As I've said elsewhere, the fonts are selected to stay with the
>>icons....
>
>The problem is this is in reference to the 'first 8' hard disk volumes or
>whatever. The window of Scramdisk is non-resizable, so the window frame is
>cutting off parts of the fonts so you can't read them.
>
I have now seen this, and will make a modification..
>I have found a number of win98 bugs so far:
>
>>This shouldn't be the case. The program is supposed to re-execute on
>>the timeout. to check for open files, and close down the disk in an
>>orderly manner....
>>The VxD driver calls _SHELL_ShellExecute to restart the scramdisk
>>application, if it isn't currently executing. The logic goes as
>>follows:
>
>This isn't happening. Just to try to test this out, I set a timeout to 3
>minutes, and the screensaver to 4 so I would know when a good time to check
>the computer was. Exited most applications, didn't touch the keyboard or
>the mouse. Nothing happened. After 4 minutes, I ran scramdisk, and it
>immediately unmounted the partition. But it wasn't able to do it until I
>ran it manually. I didn't change the location to a weird one, it's still
>installed in the start menu group at:
I might add a tick box, to ensure scramdisks stays on the task bar,
when timeout is enabled, and get it to quit after time out.
>C:\WINDOWS\Start Menu\Programs\Scramdisk
>I don't have brutual dismount checked on or the close fileviewer windows,
>but do have 'attempt dismount' timeout at 3 minutes and 'enable timeout'
>checked.
>
>Now Scramdisk seems buggered.. The 3 icons that used to be at the bottom for
>the two hard disks and the cdrom are no longer there. If I click on the
>tree view it's now showing that I have 8 jettico bestcrypt devices installed
>as well as the other 3 physical devices. But it only started displaying
>these anomalies AFTER the 'timeout' expired and I manually ran scramdisk at
>which point it auto-dismounted the disks. Prior to that it was fine.. I
>imagine that something is iffy somewhere, since I don't actually have any
>bestcrypt junk running right now..
Yes but you still have the 8 BestCrypt devices set up on a port
driver, and the code believes them to be real drives. You need to
uninstall it, in the device manager. Bestcrypt works by simulating
physical disks in a port driver, which scramdisk then sees as real
disks. IMV this is unnecessary. Scramdisk does not need to use a port
driver...but it is perfectly legitimate to install a Scramdisk
container on a Bestcrypt drive....
>I installed the demo last night to take a
>look at it, but I'm not actually using the program at the present time..
>The timeout bug I refer to existed before I installed bestcrypt to play with
>it btw.
>
>>Therefore the Win32 app does not need to be running. Indeed the cipher
>>code _has_ to be in the device driver VxD, as the code runs in Ring 0,
>>rather than Ring 3... You can't have the cipher code in ring3
>>(scramdisk app space) as it may just well get paged out, when the disk
>>activity causes a context switch, which it often does!
>
>I don't know if this matters, but I have another application also using ring
>0. Cpuidle (rather popular).. it puts the cpu into power saving mode every
>time it reports that it's not doing anything, HLT instructions.
>
It could be... My version of win98 works ok... As I said, I'll add an
option to leave Sd running on the taskbar if timeout is enabled, until
it has finished its work...
>>An option for the future... bearing in mind that each potential disk
>>needs buffer space which needs to be static, below 16Mbyte boundary..
>
>Gotcha, what about the way SCSI manages junk through ASPI or whatever?
>
Scramdisk works on a level lower than this. However some SCSI drivers
require some of its data in low memory. Others don't care...
Thanks for your feedback. It is only by reporting such errors, we can
try and resolve them. My systems, work perfectly well!
One problem I have is following partition chains. Anyone know how to
determine the use of Dword offset, Dword size, V cyl/head/track in a
partition record ? The fields in the DCB_bdd (apparent SPT NumHEADS)
are not set up correctly on some SCSI cards so I use the DWORDS which
on all the machines I've tested. I have however had one SINGLE report
of a gross parition list on an IDE drive... reporting -43457394 (or
so) sectors etc. This must be because the Dwords in his EXT DOS
partition chain as above are not set correctly/corrupted. I would
appreciate any help on this issue... Sorry if that's getting a little
off topic though...
Regards,
Aman
>Best,
>Peter.
Chris Lawrence
on Sat, 18 Jul 1998, Anonymous wrote:
>The bottom line is that, assuming nobody turns up any serious crypto
>weaknesses, we have the FIRST person willing to release a FREEWARE
>95/98 disk encryption program and we need to work with him and support
>him in his efforts. We as users tend to get picky, but remember the
>price and don't discourage good freeware authors (you didn't, but I
>can see it coming from somebody).
Well, I certainly second those comments. If it does the job and needs
polishing, then we are free to polish it. The source is there.
--
Chris http://www.spacetime.demon.co.uk/index.html ICQ 9898144
Liverpool, UK Please replace 'news' with 'news00' to reply by email
"Because merdiverous jobberknowls like you need fedity translated.." {R}
Grinch
>Peter,
>
>ii) The Random Number creation. As you point out this is a 'do once' event.
>This part of the program was produced before Yarrow was introduced. Again,
>maybe someone on the web will add this feature.
>
>Comms Analyst.
in response to:
>C. Peter Constantinidis wrote in message
><35aecf43...@lh2.rdc1.sdca.home.com>...
>
>>curve is fairly quick. I also suggest the program's author takes a look at
>>Yarrow from Counterpane to generate the random #s rather than forcing
>people
>>to click a lot (not that it's a big deal really since it's a one time only
>>deal).
Be careful here Sam.
Yarrow is a PRNG, and not a RNG. It requires a random seed, which is
what is being generated when you "click a lot". There are other
user-interface ways to gather entropy besides clicking; and there are
non-UI ways to get entropy too. This is a small field unto itself.
Netscape wound up on the cover of the New York times when they did
what "looked right" to them, and they have substantially greater
engineering resources than you do. The fellow who did that crack,
David Wagner, has an excellent web page with links.
You can find it at:
http://www.cs.berkeley.edu/~daw/netscape-randomness.html
Grinch
Lincoln Yeoh
Both 32MB RAM, Pentium 166, decent 2D video cards.
Minor cosmetic issues:
The labels for the Disk icons get chopped off at the bottom on my Windows
950a. The window only supports 8 partitions/drives (I've got more than 8!),
but I don't really care about this so nevermind.
Small issues:
On my OSR2, when I am copying a lot of stuff to my encrypted drive from a
nonencrypted drive, I notice that the mouse pointer stops moving and pauses
from time to time, this is a bit annoying. This also happens when I copy a
lot of stuff in the encrypted drive to another directory.
I didn't seem to notice this on my Windows 950a, I'll check this out again-
maybe it does. My OSR2 has full 64K lookahead in the control panel
performance settings.
An issue:
I tried defragging a drive containing my .svl file whilst it was mounted,
just to see what would happen. I could do a explorer directory list without
affecting the defrag (perhaps it's cached?) Then I tried accessing a file
on the encrypted drive. I got a blue screen, telling me that Scramdisk has
dismounted the drive, and I should do a dismount and remount again. I
didn't seem to have any problems- no apparent loss or corruption of data,
however I did not try to do any writes. I may be nuts but not that nuts..
Perhaps Scramdisk should "lock" or fully book the entire file whilst it's
mounted. I dunno why defrag still could move it- I dunno if it is ok, but
my intuition tells me that it is not a good thing, it might be ok now, but
one day it won't be..
Features I'd like to have.
1) I haven't figured a way to change the passphrase for a disk, so far it
seems like I've got to create a new one and copy stuff over. Is there such
a password change feature? Would be good to have.
2) Hotkey/quick dismount. A quicker way to dismount all encrypted drives
and flush passwords (no prompts) would be nice to have. User Hotkey would
be excellent. Apparently windows can associate keys with tasks, maybe can
use that.
3) Make it easier to mount drives. When drives are to be mounted perhaps an
automatic prompt for a password if none has been specified, or if none
match (a cancel button should be present as well). Also Scramdisk should be
associated with .svl files, when you double click on them, Scramdisk will
attempt to mount the file(s) as a drive and prompt for a password if
necessary. This would be cool, since you can then mount disks with
shortcuts in your Startup folder.
4) Low priority wish: DOS version, so can boot from floppy and still mount
drives/floppies. But the work/benefit ratio is not good, so can forget it
this.
So far so good, I haven't found any serious bugs, and I'm the sort who
tends to find bugs (even when I follow instructions word for word). But the
mouse pointer pausing/locking is annoying - may it's my hardware/drive???
Hope not- pausing doesn't happen when copying on nonencrypted drives only.
Have fun!
Link.
**************************************************
To reply, email lyeoh at pop point jaring point my
No spam please! Spam to redhe...@ocean.org.my
If you can't figure it out, annoy someone else.
**************************************************
Chris Lawrence
on Wed, 22 Jul 1998, Lincoln Yeoh wrote:
>The labels for the Disk icons get chopped off at the bottom on my Windows
Same here.
>On my OSR2, when I am copying a lot of stuff to my encrypted drive from a
>nonencrypted drive, I notice that the mouse pointer stops moving and pauses
>from time to time, this is a bit annoying. This also happens when I copy a
>lot of stuff in the encrypted drive to another directory.
Same here.
>Features I'd like to have.
>1) I haven't figured a way to change the passphrase for a disk, so far it
>seems like I've got to create a new one and copy stuff over. Is there such
>a password change feature? Would be good to have.
The author explains that this is not possible and why.
>match (a cancel button should be present as well). Also Scramdisk should be
>associated with .svl files, when you double click on them, Scramdisk will
>attempt to mount the file(s) as a drive and prompt for a password if
>necessary. This would be cool, since you can then mount disks with
>shortcuts in your Startup folder.
The author also explains the reasoning behind not doing this.
Sam Simpson
Specifically to the point RE BestCrypt, this is a known bug (nobody is
perfect!) and will be fixed in the next release (v2.01?).
Just to let everyone who is interested in ScramDisk (I may make a mailing
list!), several companies are interested in helping with an NT version,
though a timescale is not available yet. A new User Manual is being
produced which should hopefully be available next week.
Thanks for all the feedback, keep it coming!
Sam Simpson,
Comms Analyst
-- See http://www.hertreg.ac.uk/ss/ for ScramDisk, a free virtual disk
encryption for Windows 95/98. PGP Keys available at the same site.
Bear wrote in message <35b7d316...@news.alt.net>...
>Hi,
>I have just tried Scramdisk on two systems. One is a 5x86-133 SCSI
>system with several large drives. The other is a P166 EIDE machine.
>Both are running under Win98. Overall the authors seem to be doing an
>excellent job and the program is looking very good.
>
>That said, I have a few observations anyway:
>
>Volume size: It would be nice if the program could support volume
>sizes up to the FAT16 limit of 2GB. I rarely use volumes smaller than
>2GB (the limit with Best Crypt). Is the Scramdisk 999MB limit
>changeable?
>
>Possible conflict with Best Crypt: Installing Best Crypt after
>installing Scramdisk on the IDE system seems to break Scramdisk.
>Either Scramdisk ignores attempts to mount volumes or it gives error
>messages. Un installing Best Crypt then fixes Scramdisk. On the SCSI
>system with Best Crypt already installed, any attempt to run Scramdisk
>produces invalid page faults and gets shut down by Windows. I have not
>tried un installing Best Crypt on the SCSI system.
>
>Formatting: In the case of creating a volume file on an already
>formatted host drive it would be nice to have the option to perform a
>quick format and skip verifying the media again. Especially on SCSI
>systems with defect management.
>
>
>Many thanks to the program authors!
>
>Bear
Sam Simpson
will keep you informed as to when it is available.
Sam Simpson,
Comms Analyst
-- See http://www.hertreg.ac.uk/ss/ for ScramDisk, a free virtual disk
encryption for Windows 95/98. PGP Keys available at the same site.
Chris Lawrence wrote in message ...
>In news article <35b5e07f...@nntp.jaring.my>
>on Wed, 22 Jul 1998, Lincoln Yeoh wrote:
>
>>The labels for the Disk icons get chopped off at the bottom on my Windows
>
>Same here.
>
<snip>
aman
wrote:
>OK I'm checking Scramdisk out, on OSR2 and Windows 950a.
>
>Both 32MB RAM, Pentium 166, decent 2D video cards.
>
>Minor cosmetic issues:
>The labels for the Disk icons get chopped off at the bottom on my Windows
>950a. The window only supports 8 partitions/drives (I've got more than 8!),
>but I don't really care about this so nevermind.
Both these are fixed.. 16 drives allowed now... I ran out of space
too!
>
>Small issues:
>On my OSR2, when I am copying a lot of stuff to my encrypted drive from a
>nonencrypted drive, I notice that the mouse pointer stops moving and pauses
>from time to time, this is a bit annoying. This also happens when I copy a
>lot of stuff in the encrypted drive to another directory.
There isn't all that much I can seem to be able to do about this. It
does not generally happen on '98 or the original version of W95,
except when the cipher code is complex/slow (EG 3Des)
The system cannot task switch while decoding the buffers, and to ease
the problem I have simply reduced the buffer sizes. For large blocks
of data, this means more calls to the disk devices, which then allow
context switches, as they block the current thread. which I am not
allowed to block for technical reasons... (Ring 0 CPU operation is
co-operative, not pre-emptive)
It is also true that the problem is more apparent with slower Cpus for
obvious reasons.
>
>I didn't seem to notice this on my Windows 950a, I'll check this out again-
>maybe it does. My OSR2 has full 64K lookahead in the control panel
>performance settings.
>
>An issue:
>I tried defragging a drive containing my .svl file whilst it was mounted,
>just to see what would happen. I could do a explorer directory list without
>affecting the defrag (perhaps it's cached?) Then I tried accessing a file
>on the encrypted drive. I got a blue screen, telling me that Scramdisk has
>dismounted the drive, and I should do a dismount and remount again. I
This particular problem has arisen time and time again on the
newsgroup:
"comp.os.ms-windows.programmer.vxd" and no one seems to know a
solution. It is a classic problem with files opened in Ring 0 by VxD
>didn't seem to have any problems- no apparent loss or corruption of data,
>however I did not try to do any writes. I may be nuts but not that nuts..
You will simply get the blue screen again.... The file at this point
has been _firmly_ closed by the operating system, and will _not_
accept any more data.. The message is clear. *Don't* defrag the host
disk. You can however defrag the Scramdisk drive. Perhaps there is a
way round this I don't know.... But the OS could have checked for open
files on the drive (if they are not its own) and prevented defrag from
running....
>Perhaps Scramdisk should "lock" or fully book the entire file whilst it's
>mounted.
One can only use the services of "IFSMgr_Ring0FileIo" calls which
allow open in exlusive or shared mode. But there is no facility which
AFAIK will stop defrag and the os from causing this trouble. I can
only react to the file system error as it occurs...
>I dunno why defrag still could move it- I dunno if it is ok, but
>my intuition tells me that it is not a good thing, it might be ok now, but
>one day it won't be..
This is nothing to do with me. If defrag and the OS close my file, I
can't do anything about it. Bear in mind those of you with Windows
knowledge that the handle *isn't* a standard windows "HANDLE" but a
special ring0 file handle which is very different...
>
>Features I'd like to have.
>1) I haven't figured a way to change the passphrase for a disk, so far it
>seems like I've got to create a new one and copy stuff over. Is there such
>a password change feature? Would be good to have.
>
I respond to this issue in another thread. The reasoning is reasonable
in my view...
>2) Hotkey/quick dismount. A quicker way to dismount all encrypted drives
>and flush passwords (no prompts) would be nice to have. User Hotkey would
>be excellent. Apparently windows can associate keys with tasks, maybe can
>use that.
I can think on this...... Hotkeys can be set up by the VXD driver
easily enough...
What should the Hotkey do, if you have open files on the Scramdisk ?
The hotkey would have to operate in the context of the device driver,
whiich _isn't_ a thread or task, but a static link into the
IOS.Therefore any hotkey could not be implemented in the context of
any task, and would have to be global and *unique* to the ScramDisk
driver, and soley owned by it. As such it would need to be
configurable. Would it be too much to expect the users to enter the
correct Scan code, for their chosen HOT key(s) ?
>
>3) Make it easier to mount drives. When drives are to be mounted perhaps an
>automatic prompt for a password if none has been specified, or if none
>match
> (a cancel button should be present as well).
There is one on the password input dialog.... (?)
> Also Scramdisk should be
>associated with .svl files, when you double click on them, Scramdisk will
>attempt to mount the file(s) as a drive and prompt for a password if
>necessary. This would be cool, since you can then mount disks with
>shortcuts in your Startup folder.
This involved the registery, the use of which I want to avoid. However
I intend to look at methods whereby you can "do it yourself" if that
is what the user wants. But I shall *never* enforce the use of the
registery on a program like this. Indeed the rationale of the software
has been arranged so it can quite do without it.
>
>4) Low priority wish: DOS version, so can boot from floppy and still mount
>drives/floppies. But the work/benefit ratio is not good, so can forget it
>this.
There is a dos version that can handle partitions on INT13H drives
ONLY However files are out, because DOS being none - reentrant means
you have to access the sectors yourself, either via the device driver
or the INT13H bios.
It would have been very nice to run the whole of Windows 95/8 from a
scramdisk volume, but I don't think you could, because real mode
takeover by the 32 bit code expects the disks it takes over, to be in
the clear. It could perhaps be done, but only by the expedience of a
BIOS hook and windows running the disk from MSDOS mode.....
>
>So far so good, I haven't found any serious bugs, and I'm the sort who
>tends to find bugs (even when I follow instructions word for word). But the
>mouse pointer pausing/locking is annoying - may it's my hardware/drive???
>Hope not- pausing doesn't happen when copying on nonencrypted drives only.
Reduction of the buffer size, may help here. But if you are using 3Des
or Misty (need assembler version of this) *expect* this.... Also you
should seriously consider disabling your write behind cache too. (For
reasons other than the use of Scramdisk...)
Regards,
Aman.
aman
Naylor) wrote:
>nos...@pd.jaring.my (Lincoln Yeoh) wrote:
>
>>Features I'd like to have.
>>1) I haven't figured a way to change the passphrase for a disk, so far it
>>seems like I've got to create a new one and copy stuff over. Is there such
>>a password change feature? Would be good to have.
>
>anti-sp...@rigel.cyberpass.net (James Bond) wrote:
>
>>Again, with BestCrypt it can take forever to do an on the fly
>>re-encryption with a different passphrase. It is far, far quicker to
>>extract the data in plaintext, create a new container and copy across.
>
>I'm surprised to hear this. It shouldn't take any significant amount of
>time at all to change your password, no matter how large the volume.
>
>The right way to design such a program is to randomly generate an
>encryption key when the volume is first created, encrypt that key with a
>hash of your password, and store it on your hard drive, just as your PGP
>private key is stored. Changing your password should simply be a matter of
>decoding the key with your old password and encrypting it again with your
>new one.
Is it the right way ? Well yes I guess it is.
And it is the way Scramdisk works.
It also has 1Kbyte of other random data, (which is why you need to
press that dammed button so many times, and waggle the nouse.) This
data is used to create the IVs for the sectors, and the output
"whitening" values, both sets which are unique for each disk. The idea
being that even if the key was discovered the attacker would have a
hard time with IVs (initial blocks in a sector only) and whitening
values which change in a difficult to predict manner. (This process
also ensures the uniqueness of the data for each sector)
Scramdisk has the facility to EXPORT this crtitical data, the size of
which is 1kilobyte plus the key size In practice it exports 256 bytes+
1 kilobyte.
This data can be exported to a file enciphered with a different
password, so you can allow an unknown number of people to access your
disk(s) _with their own_ passwords, by giving them a key disk, which
they can create for themselves.
All you do, is leave the application open, and let them create their
disks. They must satisfy themselves you have not installed Skin98 etc
to monitor their keypresses... (although I'm working on that......)
The upshot is that no amount of password changes of which you speak
will prevent someone with a key disk from being able to access your
data. Only full re-encryption of the disk will allow this. It will be
something I shall look at for the future. But I will only do it, if
it can survive a hard disk. Despite the experiences of others, I have
lost disks during re-encryption on the other systems under discussion.
Regards,
Aman.
>--
>Mike Naylor - myfirstname...@mail.serve.com
>Play Five by Five Poker at http://www.serve.com/games/
aman
>Hi,
>I have just tried Scramdisk on two systems. One is a 5x86-133 SCSI
>system with several large drives. The other is a P166 EIDE machine.
>Both are running under Win98. Overall the authors seem to be doing an
>excellent job and the program is looking very good.
>
>That said, I have a few observations anyway:
>
>Volume size: It would be nice if the program could support volume
>sizes up to the FAT16 limit of 2GB. I rarely use volumes smaller than
>2GB (the limit with Best Crypt). Is the Scramdisk 999MB limit
>changeable?
>
I was too lazy to reject values between 1999 Mbyte and 9999 Mbyte
which I would have to do. However I will amend this.
I have to say however that if people want data greater than 999 Mbyte
they really _ought_ to be using a partition, which _will_ support 2GB
The simple reason being that they are accessed directly, without going
_back_ through the filing system, and are therefore faster.
>Possible conflict with Best Crypt: Installing Best Crypt after
>installing Scramdisk on the IDE system seems to break Scramdisk.
This has been amended and a modification made. It was because
BestCrypt creates device DCBs which IMV _don't_ behave properly.
They pretend to be physical hard disks, and are hard to distinguish
from real hard disks. However when you look for partitions on them,
they neither return valid data, or an error code. I've delibrately had
to program around this.
Also expect however somewhat _slower_ mounting of many disks when
BestCrypt is instllaed.
>Either Scramdisk ignores attempts to mount volumes or it gives error
>messages. Un installing Best Crypt then fixes Scramdisk. On the SCSI
>system with Best Crypt already installed, any attempt to run Scramdisk
>produces invalid page faults and gets shut down by Windows. I have not
>tried un installing Best Crypt on the SCSI system.
>
This has also been fixed.....
>Formatting: In the case of creating a volume file on an already
>formatted host drive it would be nice to have the option to perform a
>quick format and skip verifying the media again. Especially on SCSI
>systems with defect management.
I'll give it a thought. It should be easy enough to quite when the FAT
structure has been written.
>
>
>Many thanks to the program authors!
Thanks for your feedback
Aman.
aman
<ssim...@hertreg.ac.uk> wrote:
>Bear,
>
>Specifically to the point RE BestCrypt, this is a known bug (nobody is
>perfect!) and will be fixed in the next release (v2.01?).
>
Hmmmm! ;)
IMV the bug belongs to Jettico rather than me. If they are going to
create DCB structures visible to the system code, which for all
intents and purposes appear like physical hard disk drives,the code
associated with these structures (in the DCB calldown list) should
behave as real physical disk devices do.
Which in this case mean returning either valid data, when such data
is requested, or an appropriate error code if it cannot return this
data. At the very least they should create a sectors full of NULL
values.... but an error code would have done.... Perhaps it is the way
they interact with Windows 95..... but I never knew why a port driver
with extra physical DCBs was required....
However I've programmed around _anyones_ "rogue" physical disk
DCBs... and this problem should be resolved in the next version.
BestCrypt and Scramdisk can co-exist peacefully....
Modifications for version 2.02:
(one person other than me in the USA has 2.01)
BestCrypt bug fixed.
Large fonts fixed at bottom of control panel. Gigantic ones disallowed
however... ;) Extra large, are ok...
16 Disk devices (rather than 8) now allowed at bottom of control
panel.
RH mouse click on system disks allows explore to be called, rather
than open.
Single mouse clicks on all disk icons rather than double clicks...
Explore button added to property box for Scramdisk mounted disks.
Minimize option instead of close, if timeout enabled, and disks
mounted...
Red Screen password entry mode.... (hopefully).
Date and time of last disk opening (?)
Regards,
Aman.
PS:
This post in no way implies that BestCrypt is seriously at fault, and
is IMV a very good product. All software (including, and probably
especially mine) has bugs, and this is simply one which was probably
undetectable and/or irrelevant at the time Bestcrypt was produced.
Alexander Majarek, Sascha, SAM
> (one person other than me in the USA has 2.01)
... sounds to me as if you are in the US (I hope that this isn't true -
[export regulations])
Oh, and another point concerning that American crypto export problem: When
you decide to involve companies in the creation process of an NT version
could you please have a look, that those companies are not from a country
with crypto export regulations (I don't mind paying for a good application
- but I hate it not to get one [although I'd be willing to pay for it
legally] because of political reasons.)
There's only one thing to say:
THANX for that great program and keep going on with your good work.
SAM
--
*************************************************
ThinkTank (FN 157681i, HG Wien)
Quinta da Friedali, Jedleseer Str. 25, A-1210 Wien
Tel: +43-1-271 44 00-0; FAX: 43-1-271 44 00-20
http://www.ThinkTank.at mailto:ma...@ThinkTank.at
PGP-Key: http://www.ThinkTank.at/ttank.pgp
*************************************************
Sam Simpson
The author and myself are both from the UK which currently has no export
regulations relating to intangible-goods, though this will soon be changing
:-(
The NT version will probably be produced in conjunction with an American
company, but we are going to get them to print and mail use the source code.
Don't you just love ITAR :-)
Sam Simpson,
Comms Analyst
-- See http://www.hertreg.ac.uk/ss/ for ScramDisk, a free virtual disk
encryption for Windows 95/98. PGP Keys available at the same site.
Alexander Majarek, Sascha, SAM wrote in message
<35B7B4F0...@thinktank.at>...
Aman
Naylor) wrote:
>nos...@pd.jaring.my (Lincoln Yeoh) wrote:
>
>>1) I haven't figured a way to change the passphrase for a disk, so far it
>>seems like I've got to create a new one and copy stuff over. Is there such
>>a password change feature? Would be good to have.
>
>I wrote:
>
>>I'm surprised to hear this. It shouldn't take any significant amount of
>>time at all to change your password, no matter how large the volume.
>
>Am...@author.prg (aman) wrote:
>
>>Is it the right way ? Well yes I guess it is.
>>And it is the way Scramdisk works.
>
>That's good to know, but what about Lincoln Yeoh's question? Why can't he
>change his password? What is he missing?
Some code in the progam to reliably do the job, even surviving a reset
or power failure....... :)
When I've decided on a reliable and _secure_ way of doing this (and I
have the time), I'll add it... Unless someone else does....
But to merely change the passwords, via the key would be snake oil IMV
when you consider that the data to open the disk is exportable (with
different passwords), via a SKF file. Obviously the owner will know if
he's granted access to others, but will he remember it when he changes
his passwords ?
No IMV the full data, needs re-encryption, not just the critical data.
Until then, he needs to re-create the volume, and copy the data..
If his data is that valuable, I'm sure he can find the space
somehow... Such a utility _must_ be fully tested. I've no desire
whatsoever to take the blame for the loss of someone's valuable data
when the re-encryption process failed for reasons beyond my control..
In the mean time, I've been concentrating on IMV more worrying
difficulties, such as Skin98 hooking the keyboard and monitoring
everything done by windows.....
Oh yes you might think PGP 5.5 is secure, but do you know that Skin98
writes your private key passwords straight to a file on disk, when you
enter them ? I've seen mine there.... It even encrypts this file
on the registered version, and the utility doesn't even appear in the
program list (ctrl - alt- del)
You now have an option to input _all_ your passwords via a RED Dos
style screen... You also have an option to fast format....The
BestCrypt problems is fixed....The Font problem is resolved.... and
16 dos disks are now available..."Explore" has been added...
Etc. etc. etc.
Can anyone tell me when I can eat ? I am, after all working totally
alone on the coding of this _free_ software, with Sam handling all
the public issues such as liason etc.......
In the meantime until I *can* add the full recrypt option, if anyone
has typed:
"
_f8230H^$WEv-1287+39dfbh23490uashjbd
sd9457$2f8uerfuf0834L;re985t47908590234
a8904fi0-34ajkbdfkln34u9pvrjkb34o34290u3
w4upsd90ujf90u349u0gvfu903e90gu 90u054
"
and are finding it hard to cope with, they could create themselves an
SKF file, (stored say on a floppy disk) with a much simpler password,
(or even none at all) and use _that_ to open the disk instead, by
dropping it on the Win32 app panel........
Regards to all,
Aman. In the uk.
Chris Lawrence
on Fri, 24 Jul 1998, Sam Simpson wrote:
>The author and myself are both from the UK which currently has no export
>regulations relating to intangible-goods, though this will soon be changing
??
z0ne
>It even encrypts this file
>on the registered version, and the utility doesn't even appear in the
>program list (ctrl - alt- del)
and in wintop?
--
z0ne / z0...@cryogen.com FREE KEVIN www.kevinmitnick.com
'All my life I wanted to be some-one.
I guess I should have been more specific.. ' - Jane Wagner
Lincoln Yeoh
program freely available (at perhaps some risk to yourself?). I hope you
won't misunderstand and get the impression I am attacking you or your
program. I'm all for useful improvements, we may disagree with what is
useful and what is safe.
On 24 Jul 1998 05:25:01 -0500, Am...@author.prg (Aman) wrote:
>Some code in the progam to reliably do the job, even surviving a reset
>or power failure....... :)
What I meant was just changing the passphrase and not changing the
container secret key. The passphrase can be snagged easily, but ideally the
container secret key should not be as easily snagged as currently
implemented (pls see comments on .skf implementation below).
I believe that changing the passphrase can be done reliably with low risk.
If the container secret key is compromised by unauthorised creation of .skf
files, the container secret key has to be changed by recreating a new
container and copying the stuff over, deleting original, filling
compromised container with large file, then wiping it, and then the
container from existence.
>But to merely change the passwords, via the key would be snake oil IMV
>when you consider that the data to open the disk is exportable (with
>different passwords), via a SKF file. Obviously the owner will know if
>he's granted access to others, but will he remember it when he changes
>his passwords ?
In the current implementation, the owner will NOT know if he's granted
access to others. As long as the .svl file is still mounted, and PC is
unattended, anyone can walk over launch the scramble program, type in an
skf password, save the .skf onto a disk, and that person can later mount
the .svl container. There is NO need to retype the original passphrase at
all!
I believe the container secret key should not be so easily snagged. Is
there a way to hide and keep the secret key in ring 0?
In fact maybe export of the secret key to skf files or some other way
should NOT be so easy. Compromise of just one .skf file and password would
break it all.
How about if the secret key is only in the container and ring 0 memory? For
multi user access, perhaps 4 encryptions of the secret key can be allowed
in a container. So up to 4 different passphrases per container.
I'd prefer to keep the secret key at a lower level. Right now it seems to
be floating close to the top, and easier to skim off. With the secret key
at a lower level, we'll have to rely more on passphrases, if the passphrase
is compromised we change the passphrase. Whereas if the secret key floats
up and is skimmed off we have to change the whole container.
There are some interesting concepts of encrypting secret keys used in SFS
by Peter Gutmann. The partial keys thing is particularly interesting.
Of course Windows may be unable to keep the secret key safe in memory
anyway, but I think we'll have to keep our fingers crossed in the
meantime..
>In the mean time, I've been concentrating on IMV more worrying
>difficulties, such as Skin98 hooking the keyboard and monitoring
>everything done by windows.....
Yep. There are also hardware keyboard sniffers- plug the sniffer between
keyboard and PC. Later retrieve sniffer and download the passphrases.
I believe protecting yourself against such software may be extremely
difficult.
I did a patch to the DOOM Mouse spinner, to support the keyboard. So with
just a keystroke them keyboarders could flip 180 degrees in DOOM. There
were people actually claiming that only ID could do it, since DOOM took
control of the keyboard interrupt etc blahblah. But I just got the mouse
driver shim to read straight from the keyboard IO port.
Could a background task poll the keyboard IO port directly? Wake up every
1/50 sec or something. If it's possible, how can a program prevent that
from happening?
>Can anyone tell me when I can eat ? I am, after all working totally
>alone on the coding of this _free_ software, with Sam handling all
>the public issues such as liason etc.......
Erm, feel free to eat :).
>SKF file, (stored say on a floppy disk) with a much simpler password,
>(or even none at all) and use _that_ to open the disk instead, by
>dropping it on the Win32 app panel........
Yeah that's what I don't like :). skf file with NO password.
Eat, keep your strength up. Long journey ahead :).
Cheerio!
Lincoln Yeoh
>Both these are fixed.. 16 drives allowed now... I ran out of space
>too!
Hehe.
>>On my OSR2, when I am copying a lot of stuff to my encrypted drive from a
>>nonencrypted drive, I notice that the mouse pointer stops moving and pauses
>
>There isn't all that much I can seem to be able to do about this. It
>does not generally happen on '98 or the original version of W95,
>except when the cipher code is complex/slow (EG 3Des)
Ack. So I was right. Underneath OSR2 is quite different from the original
W95. Hmm why this is happening on OSR2 and not the others? What did
Microsoft do? Grrr.
>way round this I don't know.... But the OS could have checked for open
>files on the drive (if they are not its own) and prevented defrag from
>running....
>
>One can only use the services of "IFSMgr_Ring0FileIo" calls which
>allow open in exlusive or shared mode. But there is no facility which
>AFAIK will stop defrag and the os from causing this trouble. I can
>only react to the file system error as it occurs...
Are the mounted .svl files opened in exclusive mode? I figure they should
be opened in exclusive mode.
Can defrag still move exclusive mode files around? Weird.. Is that safe?
>What should the Hotkey do, if you have open files on the Scramdisk ?
>The hotkey would have to operate in the context of the device driver,
>whiich _isn't_ a thread or task, but a static link into the
>IOS.Therefore any hotkey could not be implemented in the context of
>any task, and would have to be global and *unique* to the ScramDisk
>driver, and soley owned by it. As such it would need to be
>configurable. Would it be too much to expect the users to enter the
>correct Scan code, for their chosen HOT key(s) ?
Can an application read the scan code and then save it for the VXD to find
it? Or let it know somehow?
How about two hot keys- one for "Unmount please". and one for "Unmount NOW
DAMMIT!".
First is like the normal dismount all, but dismounts even if explorer has
the "disk" in view. Is there a way to tell the difference between files in
use, and disk viewed in explorer?
>>3) Make it easier to mount drives. When drives are to be mounted perhaps an
>>automatic prompt for a password if none has been specified, or if none
>>match
>> (a cancel button should be present as well).
>
>There is one on the password input dialog.... (?)
I meant if I try to mount a file/partition, and the current passphrases do
not decrypt so that the two special blocks are the same, a dialog box could
popup for people to enter their password, with an OK and a Cancel (just in
case they try to mount the wrong file).
if password incorrect the box will pop up again till Cancel or correct.
>This involved the registery, the use of which I want to avoid. However
>I intend to look at methods whereby you can "do it yourself" if that
>is what the user wants. But I shall *never* enforce the use of the
>registery on a program like this. Indeed the rationale of the software
>has been arranged so it can quite do without it.
True I don't like the registry myself. But what I'm thinking of is that
when the scramdisk.exe is run with a commandline parameter it could try to
mount the specified file/path.
Example:
scramdisk <filepath> = mount the file and popup password box if
necessary.
scramdisk -p [label/description] = try to mount partitions, partition label
optional (if not spec, try mount all, if specified try mounting partion, if
can mount(have passphrase) but label doesn't match, don't mount).
Then users can go set up their own shortcuts or even associate .svl files
with scramdisk.exe. e.g. Right click .svl file, Open with, select Other..,
find scramdisk.exe, select "Always use this program to open this type of
file".
You won't have to touch the registry.
Is this easy to do? I figure the partition label thing may be tougher,
easier would be try to mountall partitions. Or just skip parameters for now
and just assume trying to mount files.
Chris Lawrence
on Sat, 25 Jul 1998, C. Peter Constantinidis wrote:
>He's saying that the UK is going to copy France in the near future.
>(i.e. encryption is illegal unless you belong to the ruling elite)
Oh dear. Where can one find out more specifically about this?
David Parkinson
: In news article <35ba2daf...@lh2.rdc1.sfba.home.com>
: on Sat, 25 Jul 1998, C. Peter Constantinidis wrote:
: >He's saying that the UK is going to copy France in the near future.
: >(i.e. encryption is illegal unless you belong to the ruling elite)
He's not actually....
: Oh dear. Where can one find out more specifically about this?
<http://www2.dti.gov.uk/export.control/stratex/>
Proposed legislation that will control "intangible transfers"
Timothy John Woodall
some followups may be more appropriate in sci.physics or sci.chem always
assuming that anyone want to follow up at all
In a rhapsodic soliloquy <6pcugg$csq$1...@pheidippides.axion.bt.co.uk>,
David Parkinson <dpar...@fatman.alien.bt.co.uk> scribed the following
pearls of wisdom
Went and had a look at this. Doesn't seem to mention cryptography at all
although there were a few phrases that may catch it but IANAL so I'm not
sure.
However, the following did catch my eye.
From Section 3.2.1
Information can also be passed on in non-documentary form (e.g. orally
or through personal demonstration). The proposal to make it an offence
to do something which it was known or suspected could assist a weapons
of mass destruction or long range missile programme, described in
paragraph 3.1.4,
And from Section 3.1.4
However, the Government is also concerned that a UK person or company,
might, without being directly involved in an attempt to produce a weapon
of mass destruction, nevertheless, provide a service or information
which could assist such a programme.
Does that mean that all my nuclear physics lectures that mentioned
nuclear fission would be illegal. Perhaps the teaching of Newton's F=ma
will also be illegal due to its rocketry implications.
Likewise, is chemistry going to become an illegal subject to teach. Even
at A'level you can't help but learn what are toxic chemicals and what
are relatively harmless if only because some experiments are done in a
fume cupboard and others are done on the bench.
Only recently I had a foreign friend who had been unwell and also had a
faulty stove. Would the fact that I warned her about the dangers of CO
poisoning be illegal?
If cryptography is classed as a weapon of mass destruction then large
chunks of maths could become illegal to teach.
Tim.
--
char t[201]=" 4>#{#w6.-#.x@=/8<@3=$XXX=t#55*-88)!718'u1=862(W.<2j8K``;*.5"
",p%H;8!!s B08]=>*=!I*!B,7*-7>-Xfu2As8z!.cO;.em! \"78D*2=*9AP\"<<.75*,8?^"
":.VV25W2<7X.;968,72!\"B=2>02+6*!@.1,<&",*_=t+167,*a=t+200;p(c){putchar(*a
--=c);}main(){while(--_>=t)*_>66?p(a[*_-=65]),p(a[*_]):p("\n ,.@BEJTWabcd"
"efghijklmnopqrstuvwxy"[*_-32]);}
Replace nospamplease with my first name to reply.
aman
<ssim...@hertreg.ac.uk> wrote:
>Peter,
>
>Thanks for your post. You make plenty of good points, if I can address a
>couple of the more important ones:
Stuff *already* implemented for the soon to be released version 2.02:
RedScreen password input. Not completely secure, but more secure than
key presses flying around Windows to Skin98
Not manditory. Can be set up as an option.
Option to leave Scramdisk running invisible in "Systray", rather than
to complely quit. Also option to minimize, if timeouts and disks
mounted.
Date and time of *last* disk opening added to Scramdisk property box.
"Explore" open modes added.
Changed mouse to Single mouse clicks
16 Dos Disks implemented at bottom of screen
Bottom of window BIIG font problem fixed.
BestCrypt Co-existence problem fixed. (I hope...)
Allow user to associate SVL (or any other) extension with Scramdisk,
using "open with." or setting "file types" Wav files can be also
opened by adding an extra association with scramdisk. This results in
double click on file prompting for passwords (and subsequent mounting
if correct), or mounting the disk image if the passwords are known.
Clicks on any mounted container file, will open the window of the
encrytpted disk it stores...
This results in REGISTRY MODIFICATION and therefore isn't mandotory to
use it.
SKF files can also be associated with the software too.
Fast track container creation/format added. (apart from Wav
steganography) Finishes after FAT16 structure written. On file
creation writes only the dos strucure, and the LAST block in the
file, to create the "extent" of the file...
Now allows containers > 999Mbyte to be created...
Ability to enter bytes (in ULONG boxes) rather than little endian
DWORDS in cipher verifier. A tick box allows this.
Stuff presently under consideration:
1: Full recrypt to same file/partition. (So no shredding needed)
2: Two global Hot keys...
3: All block cipher code to move to VxD with a consitent, and easy to
understand "block cipher header" so more ciphers can be easily added
by others.
Regards,
Aman.
Alan Braggins
> >>The author and myself are both from the UK which currently has no export
> >>regulations relating to intangible-goods, though this will soon be changing
> >??
>
> (i.e. encryption is illegal unless you belong to the ruling elite)
It's closer to copying the US (and it isn't definite yet). It's export
that might be controlled, not internal use.
See http://www.dti.gov.uk/export.control/stratex/
Chris Lawrence
on Sat, 25 Jul 1998, David Parkinson wrote:
><http://www2.dti.gov.uk/export.control/stratex/>
Cheers for the clarification David, I will check this out.
Lincoln Yeoh
--
#1 Can't remount a .svl any more.
OK, I can no longer mount a particular 200MB .svl file. I am not sure it's
because I forgot the passphrase I believe that is unlikely- when I created
I did test it out, before chucking stuff into it to test it out. I doubt I
could have typed the passphrase incorrectly twice whilst creating it. And
at least 4 to 5 times incorrectly again, when remounting the file on other
occasions. I've also tried combinations of of typos :).
The reasons I believe could be
1) OSR2 issue.
2) My erm fooling around with defrag whilst .svl open (bluescreen warning
and all that). But it opened ok after I tried that.
3) My messing around with .skf files for that container (unlikely).
4) Some other dumb reason not to do with scramdisk.
What may be pertinent to 1) I noticed that my OSR2 windows cannot shut down
completely after I mount a .svl file and use it (write to it?). So far I
created another container wrote to it, tried the shutdown, which failed,
the auto-Scandisk on reboot didn't find any problems, I could remount the
container. But maybe it needs repeated occurrences, or only a particular
situation (I have a knack of finding particular situations!).
I have not noticed this shutdown problem with Windows 95 950a, so far I
have not lost any data on that version.
If windows does not shutdown probably, maybe the .svl file is not updated
fully- then the next time I can't remount it. I'm not sure if recovery is
possible. Are those special two check blocks rewritten each time? If those
get corrupt can the data still be retrieved?
There maybe something quite different in the way OSR2 actually does things
(in contrary to what Microsoft says it does :) ). Why is the mouse pointer
problem not present in 950a, Win 98? Maybe they overoptimised some stuff
and went back to more reliable code in Win 98? Pure speculation here..
Meanwhile I'd say check out Scramdisk, but don't put all your eggs in one
basket. If you still need the data to only be in encrypted form on
Scramdisk, you could use two containers for similar data. The chances of
both going poof is probably very low. People with OSR2 should be extra
careful, till more experience is gained.
---
#2 Interesting behaviour
I created a container with passphrase #1 "testing" all the rest blank.
Mounted ok.
Dismounted and cleared all passwords.
Typed in
#1 testing
#2 testing
#3
#4
(3 and 4 blank)
Tried to mount the container, it failed of course.
Then I went back to the passphrase dialog box, cleared #2
(delete/backspace). Clicked on Accept.
I couldn't mount the container.
I have to Reset the passphrase thingy and reenter the passphrase #1 and
leave the rest blank.
This is not really a problem. But it might have something to do with my
being unable to remount the 200MB container. But I've already tried quite a
bit of stuff.
---
#3
I still don't like the idea that skf files can be created without requiring
the main passphrase to be entered.
#4 (I can't count :) ).
Aman deserves a nice dinner :).
aman
wrote:
>3 items.
>--
>#1 Can't remount a .svl any more.
>OK, I can no longer mount a particular 200MB .svl file. I am not sure it's
>because I forgot the passphrase I believe that is unlikely- when I created
>I did test it out, before chucking stuff into it to test it out. I doubt I
>could have typed the passphrase incorrectly twice whilst creating it.
Did you reboot and get a successful opening ?
I also recommend to try disabling write behind cache. At least as a
test...
> And
>at least 4 to 5 times incorrectly again, when remounting the file on other
>occasions. I've also tried combinations of of typos :).
>
>The reasons I believe could be
>1) OSR2 issue.
>2) My erm fooling around with defrag whilst .svl open (bluescreen warning
>and all that). But it opened ok after I tried that.
>
>3) My messing around with .skf files for that container (unlikely).
>4) Some other dumb reason not to do with scramdisk.
>
>What may be pertinent to 1) I noticed that my OSR2 windows cannot shut down
>completely after I mount a .svl file and use it (write to it?).
I've not observed this. It doesn't happen on Win95 Nor Win98 or the
OSR2 stuff i've tested..... The container files are closed on a
Kernel32_Shutdown notification.. Otherwise Windows gripes a little
bit...
>So far I
>created another container wrote to it, tried the shutdown, which failed,
does it shut down ok, if you DISMOUNT the Scramdisks first ?
SVL Open files get forcibly closed on a Kernel32_Shutdown notice.
Perhaps OSR2 doesn't issue the notice in the same order, as
950a.......
950a also goes haywire, unless the mounted volumes are dismounted, and
ultmimately refuses to close down....
>the auto-Scandisk on reboot didn't find any problems, I could remount the
>container. But maybe it needs repeated occurrences, or only a particular
>situation (I have a knack of finding particular situations!).
>
>I have not noticed this shutdown problem with Windows 95 950a, so far I
>have not lost any data on that version.
>
>If windows does not shutdown probably, maybe the .svl file is not updated
>fully- then the next time I can't remount it.
>I'm not sure if recovery is
>possible. Are those special two check blocks rewritten each time?
NO!
>If those
>get corrupt can the data still be retrieved?
They could, but only by amending the progam...
The critical data is written at format time, and never re-written....
This is in the first 2K of the file....
>
>There maybe something quite different in the way OSR2 actually does things
>(in contrary to what Microsoft says it does :) ). Why is the mouse pointer
>problem not present in 950a, Win 98? Maybe they overoptimised some stuff
>and went back to more reliable code in Win 98? Pure speculation here..
Win98 seems ok on this. I use it at work (with Scramdisk), with no
problems at all. I've tried OSR 2 and noticed no problems either....
I'll certainly checkthis out. Bear in mind, that _trailing_ invisible
chars _are_ significant........ so two spaces etc. at the end of a
PW are valid...
>---
>#3
>I still don't like the idea that skf files can be created without requiring
>the main passphrase to be entered.
So you've said! I said I was going to alter it, by making sure that
SKF files can only be created within a (configurable ?) short time
after mounting the disk drives.. After that to create an SKF file,
you'd have to dismount, and re-mount again.... and of course type in
the passwords, unless you've already got a valid SKF file....
>
>
>#4 (I can't count :) ).
>Aman deserves a nice dinner :).
>
Ta.....
Hilton Travis
Aman
Constantinidis) wrote:
>On 26 Jul 1998 13:53:06 -0500, am...@author.prg (aman) wrote:
>>I also recommend to try disabling write behind cache. At least as a
>>test...
>
>I have seen you mention this in a few messages. Every single Windows 9x
>machine out there comes with it enabled as a system default setting. For my
>own education (and maybe others too) perhaps you could provide a pointer to
>an url or the like that explains why this might be a good idea because as I
>understand it, disabling write-back in favour of write-through can slow down
>system performance.
It can, because it is supposed to use idle time, to write to disks..
However when open files are on the disk volume, and you dismount, that
volume data may not have been written to it,, or you may get a blue
screen telling you off, for closing the disk, when there is open files
on it, even though the code has checked (and confirmed) that no open
files exist on the disk! Its because they are in fact closed, but data
is still pending in the write behind buffer. It isn't particularly
Scramdisk but all disks. Especially if one gets a crash... I prefer to
know my data goes to the disk, when expected. Just a personal
preference, when you consider the speed of modern hard disk drives...
Regards,
Aman.
>
>Best,
>Peter.
>
>--
>p...@shaw.wave.ca
>DSS/D-H: 0x81F1BC09 DFD1 D149 40BD 8139 05D5 D8FA 2BA4 E143 81F1 BC09
> RSA: 0x6DC376E5 0AE1 0FB7 A43A 0818 3EC4 F2DD 1458 EFCE
Aman
<hilton...@usa.REMOVE.net> wrote:
>And where can I get a copy of Scramdisk?
>
DK
dismount?
z0ne
<hilton...@usa.REMOVE.net> wrote:
>And where can I get a copy of Scramdisk?
http://www.hertreg.ac.uk/ss/
Or at
ftp://ftp.replay.com/pub/crypto/disk/sdisk.zip
Sourcecode:
ftp://ftp.replay.com/pub/crypto/disk/SdWin32Src.zip
ftp://ftp.replay.com/pub/crypto/disk/SdDriveSrc.zip
For other locations try searching for the filename(s) at
http://ftpsearch.ntnu.no/
Aman
>Surely one could invoke some kind of 'flush to disk' as part of the
>dismount?
>
Volume flushes have always been present to flush pending data out to
the encrypted volume, when such a disk is being dismounted.
The driver calls the system service "_VolFlush" in its dismount code.
As a precaution, I've added another call to _VolFlush to flush the
*host* file storage volume cache out to disk, as well, so any data
pending in VCache for the *host* file, should be flushed as well. This
happens in the case of container files,and wavs, but not partitions.
_VolFlush now gets called not only for the encrypted disk volume, but
also for the disk volume which is hosting the file.... and then that
host file is closed by the device driver
This has been tested on Win98 (with write behind cache *enabled* by
copying large files, and then immediately dismounting the disk. The
large file copied is intact when the disk is re- mounted.... This mod
(after thorough testing) will be incorporated into version 2.02
currently being developed.
Thanks for your suggestion.
Regards,
Aman.
pvry...@ovtsbbg.pbz
On Sat, 25 Jul 1998 23:17:40 +0100, Chris Lawrence
<ne...@spacetime.demon.co.uk> wrote:
>In news article <6pcugg$csq$1...@pheidippides.axion.bt.co.uk>
>on Sat, 25 Jul 1998, David Parkinson wrote:
>
>><http://www2.dti.gov.uk/export.control/stratex/>
>
>Cheers for the clarification David, I will check this out.
As I've pointed out somewhere else in this ng, this White Paper is the
result of the turgid enquiries into the Matrix Churchill affair (exporting
machine tools to Iraq capable of constrtucting a supergun) and nothing to
do with encryption. Should not be confused with the "PROPOSALS FOR SECURE
ELECTRONIC COMMERCE BILL" which was published by the DTI on 27th April and
*does* deal with encryption and digital signatures. The text of the press
release can be found on the DTI web site on or around 28th April.
Chris Ward.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850
iQCVAwUBNbz6S8oHR8g+vP61AQE56AP/YCjIWkfvlI8EoHZjaLWNDMFci1jYe/7u
lzmXN3enAgNL7ot15Oj3B9s0sQvL60OL7CVlyPLbMWhLcrsscWhqjcJMFZbrYrBb
PlDlkBygj02c+ZtGk8IzrVVD4PRMD7Fsu3lprRabqJZok4NQxZXvG3up76i0LUF6
BX0e1l0kAPI=
=zSIp
-----END PGP SIGNATURE-----
Lincoln Yeoh
>>I did test it out, before chucking stuff into it to test it out. I doubt I
>>could have typed the passphrase incorrectly twice whilst creating it.
>
>Did you reboot and get a successful opening ?
Hmm. Can't remember for sure, but I think so - since it only happened a few
days after creation of the container. I didn't do all the testing in one
sitting.
>I also recommend to try disabling write behind cache. At least as a
>test...
Well that is a good idea for reliability (esp if people tend to
nuke/boink/latierra/land you whilst on the network). But it's pretty bad
for performance.
I haven't tested what would happen whilst writing to a container and
Windows gets KO'ed by a denial of service network attack.
>does it shut down ok, if you DISMOUNT the Scramdisks first ?
>SVL Open files get forcibly closed on a Kernel32_Shutdown notice.
>Perhaps OSR2 doesn't issue the notice in the same order, as
>950a.......
>950a also goes haywire, unless the mounted volumes are dismounted, and
>ultmimately refuses to close down....
I didn't do a dismount.
>The critical data is written at format time, and never re-written....
>This is in the first 2K of the file....
Well in that case I doubt that the first 2K is corrupt. However if the
first 2K is not corrupt then why doesn't it not mount? Wouldn't it mount
and then Windows complain that the Drive is not accessible/formatted?
>>#2 Interesting behaviour
>>
>>I have to Reset the passphrase thingy and reenter the passphrase #1 and
>>leave the rest blank.
>>
>I'll certainly checkthis out. Bear in mind, that _trailing_ invisible
>chars _are_ significant........ so two spaces etc. at the end of a
>PW are valid...
Try typing an incorrect passphrase(s), then trying to mount. Then type in
the correct one. I can't mount unless I reset the passphrase and retype.
Whoopee, my "Murphy Field Intensifier" seems to be working..
Lincoln Yeoh
>Scramdisk but all disks. Especially if one gets a crash... I prefer to
>know my data goes to the disk, when expected. Just a personal
>preference, when you consider the speed of modern hard disk drives...
Yeah but remember that modern hard disk drives have built in caches/buffers
as well.
Anyway I'm more worried about what happens if Windows crashes (GPF or
bluescreen) whilst Scramdisk is writing to an .svl file. What is the
minimum size block that has to be written for things to be safe?
I don't mind lost clusters that much, but what conditions would cause the
container to be unmountable? (I'm trying to figure out what happened in my
case).
I did also try to skf mount the already mounted .svl file. Would that cause
problems?
Aman
wrote:
>On 27 Jul 1998 05:26:01 -0500, Am...@author.prg (Aman) wrote:
>
>>Scramdisk but all disks. Especially if one gets a crash... I prefer to
>>know my data goes to the disk, when expected. Just a personal
>>preference, when you consider the speed of modern hard disk drives...
>
>Yeah but remember that modern hard disk drives have built in caches/buffers
>as well.
>
>Anyway I'm more worried about what happens if Windows crashes (GPF or
>bluescreen) whilst Scramdisk is writing to an .svl file. What is the
>minimum size block that has to be written for things to be safe?
Just the same as if the system was writing to any disk....
>
>I don't mind lost clusters that much, but what conditions would cause the
>container to be unmountable? (I'm trying to figure out what happened in my
>case).
The first 2k might be bad... This never gets written to....
Or the dos stuff be may be corrupted. But then the disk icon would
appear on the system....
>
>I did also try to skf mount the already mounted .svl file. Would that cause
>problems?
No. It screens out two container files with the same path......
Are you sure you've not done something weird or simply forgotten your
passwords.... ?
Yours is the only report of this kind (possible file corruption)
Regards,
Aman...
Alan Shields
He's at http://www.netcomuk.co.uk/~lottery/ls11.html
Cheers
--
--
Anthony Naggs
>Sam,
>
>The author and myself are both from the UK which currently has no export
>regulations relating to intangible-goods, though this will soon be changing
Strong encryption has long required an application to, and approval
from, the DTI. At least with software on disks. I have never tried to
bypass this through, say, ftp distribution. It's just not worth the
risk of arrest & prison! (IMO)
>The NT version will probably be produced in conjunction with an American
>company, but we are going to get them to print and mail use the source code.
>Don't you just love ITAR :-)
Disk encryption under NT isn't too hard AFAICS, but Microsoft IFS would
be very useful, ($$$s). Or probably even better would be some of tools
that can help in this, (many more $$$s).
Anthony
--
BAD COMPUTER! That's my registry file you've trashed.
Sam Simpson
in my previous post, you can export software as intangible goods without
risk of prosecution. This law is due to change soon though......
--
Sam Simpson,
Comms Analyst
-- See http://www.hertreg.ac.uk/ss/ for ScramDisk, a free virtual disk
encryption for Windows 95/98. PGP Keys available at the same site.
Anthony Naggs wrote in message ...
>After much consideration Sam Simpson decided to share these wise words:
>>Sam,
>>
>>The author and myself are both from the UK which currently has no export
>>regulations relating to intangible-goods, though this will soon be
changing
>>:-(
>
>Strong encryption has long required an application to, and approval
>from, the DTI. At least with software on disks. I have never tried to
>bypass this through, say, ftp distribution. It's just not worth the
>risk of arrest & prison! (IMO)
>
<snip>
Aman
<a...@ubik.demon.co.uk> wrote:
>After much consideration Sam Simpson decided to share these wise words:
>>Sam,
>>
>>The author and myself are both from the UK which currently has no export
>>regulations relating to intangible-goods, though this will soon be changing
>>:-(
>
>Strong encryption has long required an application to, and approval
>from, the DTI. At least with software on disks.
How many bits is "Strong encryption" ?
[Whatever that means......]
I didn't create any "strong" cipher algorithms, I'm much too brainless
to accomplish anything of that intellectual order. Even if I was, they
would be untrusted, and unused until those with experience could
cryptoanalyse them over many years.
The "summer" algorithm was a simple, but extremely fast XOR
scrambler, where the "seed" value for a simple PRNSG changes every 512
bytes, but it is relatively insecure, especially if someone has a copy
of your container!
So It was suggested I add "industry standard" ciphers, and
algorithms.
Where did we get those algorithms ?
I could say they were from a very famous book(in these circles) by an
American author, which I can purchase for about fourty quid in my
local "Blackwells" bookshop, where they _always_ have a copy in
stock....
[I actually got most of the source code from European internet
sites.]
So what does the law assume ? Criminals and terrorists don't know
how to type ? I'm sure some of them do, and that they do so when
necessary.........
From the point of view of someone who exists almost totally in a world
of pure logic, the crypto regulations are hard to justify to say the
least, and seem to border on an absolute joke.
**All** I have done, (as have many before me), is to take some "off
the shelf" software components available to anyone, who knows where to
look, REGARDLESS of where in the world they might happen to be, and
use them in conjunction with my hard won knowledge of low level IOS
Windows 95/98 programming, which IMV was quite the hard part of
this....
> I have never tried to
>bypass this through, say, ftp distribution.
Have you got something you can sell only in the UK ?
> It's just not worth the
>risk of arrest & prison! (IMO)
It's like saying "OK, you can have plutonium, and those little nuclear
trigger devices in your possession, but you can't use them to make any
weapons. " This would never do, would it ?
But we can have the cipher algorithms can't we ?
In the possible future advent of a much more "sanitised" but poplular
operating system, such as the one found in the Acorn range of
computers, (Risc OS 3.x) you'll get 13 year olds writing such disk
encryption programs, using code which is available publicly
(in books?) Yes it is that easy, and I've (honestly) seen schoolboys
write excellent system code for that series of machine. They can type
too!
It is only the difficulty of dealing with the low level driver code of
"MS Windows" (TM) to achieve acceptable reliability in operation ,
that has ( IMV ) prevented a plethora of similar programs from being
available already for Win95/98 If anyone was to be imprisoned, it
would be for knowing too much about Windows! The crypto code is there
for anyone who wants it. Even without the Internet. Ask for it at
your local bookshop or in your _public_ library!
I also wonder why it is, we in the UK (who are supposed to be
America's oldest ally) are not allowed the priviledge and benefit of
128 bit commercial encryption products..
Surely they don't regard the UK (unlike Canada) as a potential enemy
do they ?
Regards,
Aman.
Aman
<Use-Author-Address-Header@[127.1]> wrote:
>Just wanted to secont the motion on a couple of desired bells and whistles:
> (parts of orig post cut)
>
>On Wed, 22 Jul 1998 13:42:23 GMT nos...@pd.jaring.my (Lincoln Yeoh) wrote:
>
>
>>
>>Features I'd like to have.
>>
>>2) Hotkey/quick dismount. A quicker way to dismount all encrypted drives
>>and flush passwords (no prompts) would be nice to have. User Hotkey would
>>be excellent. Apparently windows can associate keys with tasks, maybe can
>>use that.
>
>Second the motion. Improves physical security.
This has been implemented for version 2.02, which is under
construction. The timeout screen, (now timeout/coonfigure) has the
following NEW (added) options:
[ ] Enter all passwords in red message mode
[ ] Use quick formatting. (Does not apply to Wav files)
[ ] Leave Scramdisk in tasktray (iconbar RHS) when close/exit
requested
Ticking the above option then allows the following:
[ ] Enable dismount Hot keys
-Normal dismount-
[ ] Ctrl
[ ] Alt Fkey [1 ] (enter 1 to 12 here)
[ ] Shift
and the same for Brutal hot key
Passwords are flushed on dismount. (Obviously)
Hotkeys are used in conjunction with the option to leave the software
running in the iconbar "systray", when you can enable the hotkeys -
CTRL/ALT/SHIFT combinations, which are used in conjunction with
function keys F1-F12.
Two hot keys are available, "Normal", and "Brutal". Brutal will NOT
close down the drives, until it has determined no disk activity (on
scramdisks only) for two seconds. Hence the playing of a video, or Wav
file, from a Scramdisk, or writing data to it, wont crash the machine.
Brutal *, will dismount as soon as activity stops. Prepare for a BSB
[Blue screen *olloc*ing] however, if you have open files on the
dismounted drive. There seems to be little that can be done about
this objection from Windows.
>
>>
>>3) Make it easier to mount drives. When drives are to be mounted perhaps an
>>automatic prompt for a password if none has been specified, or if none
>>match
implemented.
>>(a cancel button should be present as well). Also Scramdisk should be
>>associated with .svl files, when you double click on them, Scramdisk will
>>attempt to mount the file(s) as a drive and prompt for a password if
>>necessary. This would be cool, since you can then mount disks with
>>shortcuts in your Startup folder.
>
>Again, agree. Similar to what BestCrypt does would be OK.
This has also been implemented, when you click on SVL files. (They
don't even have to be SVLs, you can use any type you like...)
You have to *manually* set up the system however. Simply click on SVL
you'll be prompted for "open with", and then click "Browse" for your
location of Scramdisk.exe. You can also amend the icons etc, with file
types... Clicking on SVL files, will then start scramdisk, which will
either mount the disk, after prompting for password, or instruct a
previous instance of the software execution (say in systray) to do so.
The other command parameter options available are "Scramdisk.exe /DN"
to dismount normal, "Scramdisk.exe /DB" to dismount Brutal *, and
"Scramdisk.exe D:\myfile.svl" to mount the container "D:\myfile.svl"
Password input will be requested if not already cached.You can create
shortcuts with these options added.
* Brutal = close all disks regardless of open files. Only current IO
prevents dismount, and only until 2 seconds of inactivity.
I have re-encrypt (long job) to do, and also the retyping of
passwords (after a few minutes) when creating SVL files.
>
>
>
>------------
>Q: Whats the difference between Freeware and Payware?
>
>A: Freeware has customer support.
ROFL.
Regards,
Aman.
Quinn Tyler Jackson
>do they ?
When did the US declare war on us Canadians? I musta blinked and the war is
already over.
We're not a potential enemy to the US. All they'd have to do is cut our TV
feed and we'd all die of boredom from being forced to watch the CBC. We'd
fly the Stars and Stripes and sing the SSB within seconds of the static
hitting the American channels on our sets.
Whenever the US tells Canada to jump, not only do we ask "How High?", we
appoint a Royal Commission to determine what effect each of the proposed
heights of the leap will have on our cultural heritage.
Cheers from War Torn Canada,
Quinn Tyler Jackson
email: qjac...@wave.home.com
url: http://www.qtj.net/~quinn/
ftp: qtj.net
[You say you hear munitions pounding on the buildings outside? Nah, that's
just the ricochet of 128-bit encryption you hear, son.]
Aman
<qjac...@wave.home.com> wrote:
>>Surely they don't regard the UK (unlike Canada) as a potential enemy
>>do they ?
>
>When did the US declare war on us Canadians? I musta blinked and the war is
>already over.
Sorry, misunderstanding.
"Unlike Canada", because the UK may be indeed regarded as a potential
future enemy (unlike Canada) , because we _can't_ have their 128 bit
encryption products from the USA, yet you people (in Canada) can!
Regards,
Aman.
Richard Herring
> After much consideration Sam Simpson decided to share these wise words:
> >Sam,
> >
> >The author and myself are both from the UK which currently has no export
> >regulations relating to intangible-goods, though this will soon be changing
> >:-(
> Strong encryption has long required an application to, and approval
> from, the DTI.
Which Act of Parliament or Statutory Instrument mandates this?
--
Richard Herring | <richard...@gecm.com> | Speaking for myself
Sam Simpson
Export and Customs Powers (Defence) Act 1939.
See http://www.dti.gov.uk/export.control/stratex/ for details of the white
paper which suggests further legislation.
Sam Simpson,
Comms Analyst
-- See http://www.hertreg.ac.uk/ss/ for ScramDisk, a free virtual disk
encryption for Windows 95/98. PGP Keys available at the same site.
Richard Herring wrote in message <6q4kbk$t5o$1...@miranda.gmrc.gecm.com>...
pvry...@ovtsbbg.pbz
On Mon, 3 Aug 1998 17:16:41 +0100, "Sam Simpson" <ssim...@hertreg.ac.uk>
wrote:
>See http://www.dti.gov.uk/export.control/stratex/ for
>details of the white paper which suggests further
>legislation.
I have. Which particular paragraph refers to encryption?
Chris Ward.
-----BEGIN PGP SIGNATURE-----
Version: PGP 5.5.3i
iQCVAwUBNcYSVcoHR8g+vP61AQGN1gP8D0GwyC6x1RyXDCm3/iON29hBgSyTZVLg
MCnxnrI09w1DjuiYoly5L5JVoheW6pUbVNGc4PePXmG/VmNVu86sHDanXC3ldDpQ
tAZFfIlr3WgtcAkQV4T/KOeFMk236+CZFiz8i/pd9J39+2b5UjH0Y9G28P1JM2XN
TLwJd9EQpV0=
=2Cd+
-----END PGP SIGNATURE-----
Bill Unruh
>After much consideration Sam Simpson decided to share these wise words:
>>Sam,
>>
>>The author and myself are both from the UK which currently has no export
>>regulations relating to intangible-goods, though this will soon be changing
>>:-(
>Strong encryption has long required an application to, and approval
>from, the DTI. At least with software on disks. I have never tried to
>bypass this through, say, ftp distribution. It's just not worth the
>risk of arrest & prison! (IMO)
I believe that the situation is similar to that in Canada in tht "public
domain" (meaning within tht context that it is available over the
counter and has no restrictions as to its use-- copyright does not
invalidate this definition of public domain) does not need a license to
export it. I would advise you to look in detail at the UK law.
Daniel James
> I also wonder why it is, we in the UK (who are supposed to be
> America's oldest ally) are not allowed the priviledge and benefit of
> 128 bit commercial encryption products..
>
Oldest ally? We're the first people they ever went to war against!
Still, I suppose contempt breeds familiarity, or something.
There is a common misunderstanding of what the USA allows to be
exported. There is no blanket prohibition of the export of encyption
(or any other so-called munition) from the USA, but there are
regulations to say that munitions can only be exported with the
permission of the appropriate government agency(ies), and there is a
requirement that whoever receives the 'munition' in question agrees not
to re-export it (at least, not without asking the Americans first).
Permission is usually granted if it appears that the 'munition' is not
to be used /as/ a munition, so long as US overseas trade seems likely
to benefit. I've seen US-made DES-based point of sale equipment in use
in Eastern Europe - ten or twelve years ago, when Eastern Europe was
still regarded as a hotbed of communism - and I'm sure it wasn't
smuggled out of the US.
The export of goods - including software - from the UK is also
controlled, though UK govenrment policy doesn't smack of commercial
protectionism to quite the same degree. The controls are enforced: I
know of companies that have been required to reduce the strength of
encryption in commercial products when selling them in Hong Kong (while
it was stil British) and South Africa, for example.
I imagine that if you were to try selling Scramdisk to Iraq right now
HMG would be about as pleased as if you were selling howitzers.
Cheers,
Daniel James
Daniel at sonadata.demon.co.uk
Emilio Oriente
I read on the web page that algorithms used in SCRAMDISK are supported
"in per-sector CBC mode". Why such choice, instead of others modes of
operation, like CFB? Is it for speed? Isn't it less secure than CFB
mode?
Emilio Oriente
Sam Simpson
To the best of my knowledge CBC is the best choice for this kind of
application. To quote AC2 'CBC is generally best for encrypting files... If
your application is software-based, CBC is almost always the best choice.'
CFB mode is often used to encrypt less than a whole block of data (e.g. a
byte) - which is not necessary when dealing whole disk sectors.
If CFB was used we would have to be _very_ careful to ensure that a unique
IV is used in all cases, which is a potential problem. Say a user creates
an encrypted disk, writes some data to the disk and then copies the volume
file......The two disks would then be using identical key & IV data which
potentially compromises the security of both disks. Of course, we advise
against copying encrypted volume files anyway, but who can tell what users
will do? CBC doesn't suffer from this problem as the IV doesn't have to be
unique.
When we were implementing the system we were really choosing between CBC or
ECB+OFB. We chose CBC because it looked simpler.....
What makes you think CFB is stronger than CBC????
Sam Simpson,
Comms Analyst
-- See http://www.hertreg.ac.uk/ss/ for ScramDisk, a free virtual disk
encryption for Windows 95/98. PGP Keys available at the same site.
Emilio Oriente wrote in message <35ca45f6...@news.dial.oleane.com>...
Emilio Oriente
Thank you for your accurate comment about the choice of CBC mode in
SCRAMDISK.
I am not a technician. So I have read again the RSA FAQ about modes of
operation. I was misunderstanding about them. You are right.
Emilio Oriente
Sam Simpson
>"Sam Simpson" <ssim...@hertreg.ac.uk> wrote:
>
>>Say a user creates an encrypted disk, writes some data to the disk and
then
>>copies the volume file.
>
>drive.
>
>>The two disks would then be using identical key & IV data which
>>potentially compromises the security of both disks.
>
>wanted to, but that won't help him crack it. If I make a copy of my
>encrypted file for backup, how could that possibly compromise my security?
>I would agree that encrypting multiple copies of the same data with
>different keys or algorithms might be bad, but I don't understand this at
>all. Please explain.
>--
>Mike Naylor - myfirstname...@mail.serve.com
>Play Five by Five Poker at http://www.serve.com/games/
Sorry Mike, perhaps my previous post was not clear. The point was - if you
copy the volume to another location and then start writing to either of the
volumes then this could compromise security (if the system were using CFB).
This is because when you copy a disk the IV & Key data remain static and to
quote AC2 'If the IV in CFB is not unique, a cryptoanalyst can recover the
corresponding plaintext'.
Basically, with CFB 'The IV must be unique', whereas under CBC the IV
_should_ be unique, thus it was decided to use CBC.
Hope this helps,
Richard Mr
Daniel James wrote in message ...<snip>
>
>I imagine that if you were to try selling Scramdisk to Iraq right now
>HMG would be about as pleased as if you were selling howitzers.
>
Anyone in Iraq who is connected to the net can get it for free!
And not just Iraq, but any country. Obviously this also applies to PGP,
etc.
Sh
wrote:
>First, let me thank you again for the great job you did making such a
>program freely available (at perhaps some risk to yourself?). I hope you
>won't misunderstand and get the impression I am attacking you or your
>program. I'm all for useful improvements, we may disagree with what is
>useful and what is safe.
>
>On 24 Jul 1998 05:25:01 -0500, Am...@author.prg (Aman) wrote:
>
>>Some code in the progam to reliably do the job, even surviving a reset
>>or power failure....... :)
>
>What I meant was just changing the passphrase and not changing the
>container secret key. The passphrase can be snagged easily, but ideally the
>container secret key should not be as easily snagged as currently
>implemented (pls see comments on .skf implementation below).
It can be done, but wouldn't allow revokation of skf files...
>
>I believe that changing the passphrase can be done reliably with low risk.
>
>If the container secret key is compromised by unauthorised creation of .skf
>files, the container secret key has to be changed by recreating a new
>container and copying the stuff over, deleting original, filling
>compromised container with large file, then wiping it, and then the
>container from existence.
>
>>But to merely change the passwords, via the key would be snake oil IMV
>>when you consider that the data to open the disk is exportable (with
>>different passwords), via a SKF file. Obviously the owner will know if
>>he's granted access to others, but will he remember it when he changes
>>his passwords ?
>
>In the current implementation, the owner will NOT know if he's granted
>access to others. As long as the .svl file is still mounted, and PC is
>unattended, anyone can walk over launch the scramble program, type in an
>skf password, save the .skf onto a disk, and that person can later mount
>the .svl container. There is NO need to retype the original passphrase at
>all!
To do so, would be snake oil. You would still be able to access the
critical data, anyway _if_ you knew how the program works, and
remember that the source code has been published....
The same person could walk over to your _unattended_ computer, copy
all the precious files out of the container onto a disk, and walk off
with them...... Moral.. don't leave the computer unattended, with
secret files mounted on a scramdisk volume....
However I take your point, that it would be perfectly feaseable to
read the data off all the mounted partitions (in its encrypted form) ,
and then collect all the passwords.... However I've a better idea to
_easily_ implement this:
Allow creation of SVL files only within a particular time within the
mounting.... So to grant access to 4 disks that have been mounted for
(say) 2 hours, you'd have to close them all, re-open them, and create
the SKF file within (say) 1 minute. That way you would have to
re-enter the original passwords. Bear in mind that modified software
would circumvent this however.
>
>I believe the container secret key should not be so easily snagged. Is
>there a way to hide and keep the secret key in ring 0?
>
All such data is in Ring 0 locked memory. However, under some
curcumstances it can be brought to ring 3. Which I'll amend.......
>In fact maybe export of the secret key to skf files or some other way
>should NOT be so easy. Compromise of just one .skf file and password would
>break it all.
>
See later......
>How about if the secret key is only in the container and ring 0 memory? For
>multi user access, perhaps 4 encryptions of the secret key can be allowed
>in a container. So up to 4 different passphrases per container.
>
It should be...
>I'd prefer to keep the secret key at a lower level. Right now it seems to
>be floating close to the top, and easier to skim off.
> With the secret key
>at a lower level, we'll have to rely more on passphrases, if the passphrase
>is compromised we change the passphrase. Whereas if the secret key floats
>up and is skimmed off we have to change the whole container.
>
>There are some interesting concepts of encrypting secret keys used in SFS
>by Peter Gutmann. The partial keys thing is particularly interesting.
>
>Of course Windows may be unable to keep the secret key safe in memory
>anyway, but I think we'll have to keep our fingers crossed in the
>meantime..
Which is why I wan't to device a safe form of disk re-encryption which
can be done on a regular basis, to revoke all SKF files, and to
re-secure the data.... Even then you've got to be sure your system
isn't spooked up.....
>
>>In the mean time, I've been concentrating on IMV more worrying
>>difficulties, such as Skin98 hooking the keyboard and monitoring
>>everything done by windows.....
>
>Yep. There are also hardware keyboard sniffers- plug the sniffer between
>keyboard and PC. Later retrieve sniffer and download the passphrases.
>
>I believe protecting yourself against such software may be extremely
>difficult.
>
Agreed. There isn't really any way it can be done......
>I did a patch to the DOOM Mouse spinner, to support the keyboard. So with
>just a keystroke them keyboarders could flip 180 degrees in DOOM. There
>were people actually claiming that only ID could do it, since DOOM took
>control of the keyboard interrupt etc blahblah. But I just got the mouse
>driver shim to read straight from the keyboard IO port.
>
>Could a background task poll the keyboard IO port directly? Wake up every
>1/50 sec or something. If it's possible, how can a program prevent that
>from happening?
Software probably could, if it was executing at Ring 0 not Ring 3
A good place to put this would be on an interrupt. But you could hang
code on the keyboard IRQ vector anyway...
Win95/8 "virtualises" the IO ports from Ring 3, so what you read from
a port isn't what you got on the _real_ io port.
>
>>Can anyone tell me when I can eat ? I am, after all working totally
>>alone on the coding of this _free_ software, with Sam handling all
>>the public issues such as liason etc.......
>
>Erm, feel free to eat :).
>
>>SKF file, (stored say on a floppy disk) with a much simpler password,
>>(or even none at all) and use _that_ to open the disk instead, by
>>dropping it on the Win32 app panel........
>
>Yeah that's what I don't like :). skf file with NO password.
Thats up to the user.
>
>Eat, keep your strength up. Long journey ahead :).
>
>Cheerio!
>
Regards,
Aman.
Aman
>On Fri, 24 Jul 1998 21:26:48 GMT, nos...@pd.jaring.my (Lincoln Yeoh)
>wrote:
>
>>First, let me thank you again
This has been resent in error. From July!
Don't ask me what happened, but sorry folks!
Regards,
Aman.