[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Stego-empty hard drives... (fwd)



On Mon, 21 Sep 1998, Jim Choate wrote:

> Specificaly I am asking:
> 
> Given a BIOS which has been modified to allow the end-user to select between
> encrypted and non-encrypted operation, how is the end-user supposed to
> make this selection?
> 
> So far I've seen two suggestions:
> 
> 1.	The BIOS is only 'sensitive' at particular points in the POST.
> 
> 2.	The BIOS has a user-accessible selection via some method to
> 	activate their selection.

There's a third option, but it may be a bit more difficult (or not). I'm
not really a hardware person, and it's probably obvious.

3.	Use a "crypto-dongle" similar to what someone here (Mr. Geiger, I
	believe) has come up with. You plug it into the parallel port or
	somewhere else, and the encrypted data is useless once the dongle 
	is removed. I would think that if we plugged this into the bus we
	could have the BIOS remap the IDE routines to some EPROM in that
	dongle. The cryptography could take place there too. If the spooks
	are on to you, you trash the dongle.

This paradigm breaks down when we get into the operating system, though. 
Linux, for instance, apparently disposes of the BIOS and uses its own IDE
driver. I assume that Windows 98 does the same thing. Linux is open
source, so modifications could be made, but Windows would be harder. 

Can someone more knowledgeable comment on this hardware dongle idea as
applied to this problem?