[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SecureDrive 1.2 Distribution Halted



-----BEGIN PGP SIGNED MESSAGE-----

I am (temporarily) stopping further distribution of SecureDrive 1.2,
announced here a few days ago.  The reason is the recent announcement
of a version 1.1 by Mike Ingle which fixes one real bug and one (IMHO)
dubious security "hole" in version 1.0.  My version 1.2 does not have
these changes.  I hope to shortly announce version 1.3 which will
combine the function I added to 1.2, and the fixes Mike has added to
1.1, and a few other enhancements, if time permits.

I was overwhelmed with e-mail requests for 1.2.  I'm grateful for
these, especially the few who offered to place 1.2 on e-mail servers
and anonymous FTP sites. I have kept all your requests and I will
send you all a copy of version 1.3 as soon as it's ready.

I agree with Mike that anyone with more than one physical hard drive
should get version 1.1 now and switch to it.

If you have only one physical hard drive, my recommendation would be
to keep version 1.0 (or 1.2 if you already have it) and wait for
version 1.3.  This especially applies if you have more than a few
SecureDrive encrypted floppy disks, as switching from 1.0 (or 1.2) to
1.1 will require decrypting (with CRYPTDSK 1.0) and re-encrypting
(with CRYPTDSK 1.1) your HD partition and all your encrypted floppies.

The security exposure of all this plaintext data laying around during
conversion is probably more than the so-called "hole" fixed in 1.1.

In my opinion there is no "hole" if you have a good passphrase and
Mike's "fix" is inadequate for a weak passphrase.  It may have some
value for a very narrow range of marginal passphrases.

My apologies for the delay and confusion.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLTqhH94nNf3ah8DHAQEr1QP/eFlyD4Emt643hfkPS6HhCU08C8gF6qFy
OHOw9BaZZxgX23juL6LhKAnlVWOmstWaTiW9/eKJ67gFSabSRBN/YjlP4WWRLtix
naJViHRT7vn4zJvXmfpEsWcz1aDPTPJt4WwvRUvyvsB4bntorAQT5MJnByJFVYXB
mwq92f4gVes=
=zM9w
-----END PGP SIGNATURE-----

--
[email protected] (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005  Cupertino, Ca