Encrypted file systems
Some more thoughts on encrypted file system design criteria.
A wish list:
- Choice of secret key encryption algorithms (IDEA, 3DES, MDC, Blowfish)
- Multiple architectures (MSDOS, Win31, Win95, WinNT, Unix, Mac)
- High performance (hand optimised assembler for each architecture)
- Ability to chain algorithms (IDEA and then 3DES for example)
- Possible to have encrypted file systems on separate partitions, or
- Encrypted file system located in a file in another file system
(much like DOS stacker drives) this is an ease of use criterion -- I
suspect re-partitioning drives would put off many potential users.
- Ease of use. Graphical user interface for setup and administration
functions, with a very simple set of configuration options
displayed by default, with more advanced configuration options
available in "expert" mode.
- All directory and FAT information should be encrypted, so that
it is not possible to discover even the number of files, or percentage
of disk used without the key
- Facility for duress key, with the real data hidden in the unused
space of the first encrypted drive. To increase the plausible
deniability all unused blocks within a file system should be filled
with garbage, so that it is not possible to tell if there is more
- File system steganographically hidden in files on another file
system (encrypted or not). Support for a wide selection of file
formats (Aiff, Wave, Midi, JPEG, GIF, RGB, MPEG).
- Ability to use stegoed file system in files on an unencrypted
file system, and boot from a floppy to access stegoed file system,
with no other traces left on hard disk.
Thought for the day: the main barrier for a Chinese dissident to using
such software is that being caught with a boot floppy with the
software for a stegoed drive would be dangerous. What would solve
this would be if Microsoft, Apple, UNIX vendors, Slackware Linux
included this functionality (or this software itself as useful
freeware included with the CD distribution) in their respective O/Ses
as non-optional modules -- that is you get the software installed
whether you want it or not. If everyone has the software, mere
possession of the software no longer is a problem.
Throw in a few useful utilities, like a steganographic interface to
anonymous remailers, the address of a few ftp/www by email services,
and you have a system with interesting possibilities.
To improve the national security of the US, the NSA should be dropping
CDs with such software (much like war-time propaganda leaflets air
dropped) on undemocratic countries with poor human rights records.
Instead they expend their efforts on ITAR...
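
An added illustration, not part of the original post: a toy container image showing why the wish list asks for encrypted directory information and garbage-filled unused blocks, by measuring what byte statistics reveal without the key. The block size, function names, sample files and the SHA-256 counter-mode keystream (a stand-in, since the ciphers named in the post are not in the Python standard library) are all assumptions of this sketch.

```python
import hashlib, math, os
from collections import Counter

BLOCK = 4096  # block size in bytes (assumed for this sketch)

def keystream(key, block_no, n=BLOCK):
    # Stand-in cipher: SHA-256 in counter mode, keyed per block number.
    # A real design would use a vetted block cipher mode; rewriting a block here reuses keystream.
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + block_no.to_bytes(8, "big") + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def crypt_block(key, block_no, data):
    # XOR with the keystream: the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(key, block_no)))

def make_image(key, files, n_blocks, fill_garbage=True):
    # files maps block number -> plaintext; returns the blocks as stored on disk.
    image = [os.urandom(BLOCK) if fill_garbage else bytes(BLOCK) for _ in range(n_blocks)]
    for block_no, plain in files.items():
        image[block_no] = crypt_block(key, block_no, plain.ljust(BLOCK, b"\0"))
    return image

def entropy(block):
    counts = Counter(block)
    return -sum(c / len(block) * math.log2(c / len(block)) for c in counts.values())

def blocks_that_look_unused(image, threshold=7.0):
    # What an examiner without the key can infer from byte statistics alone.
    return [i for i, b in enumerate(image) if entropy(b) < threshold]

KEY = hashlib.sha256(b"constructed passphrase").digest()  # constructed sample key
FILES = {1: b"directory: notes.txt -> block 5", 5: b"meeting at noon " * 100}  # constructed

if __name__ == "__main__":
    for garbage in (False, True):
        img = make_image(KEY, FILES, 16, garbage)
        print("garbage fill" if garbage else "zero fill", "-> identifiable free blocks:", blocks_that_look_unused(img))
```

With zero-filled free space the examiner can count the used blocks exactly; with garbage fill every block, including the directory block, looks the same.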