Cryptographic fs support in the kernel with loadable modules ala loopback


Post by Klaus Fluori » Sun, 07 Feb 1999 04:00:00



For those of you who started your linux experience on a humble
slackware box, here's a poser.

        Several years ago, circa the release of the Linux 2.0.11
kernel, a set of patches for Crypto filesystem support _within_ the
kernel were uploaded to a BBS I was on at the time. As I recall (I'm
afraid I've lost the original message text), the patches allowed
IDEA/3DES encrypted ext2 filesystems to be mounted on a standalone
machine without the need to involve any external server daemons such
as NFS (ala CFS) or secondary authentication daemons. Basically, you
had a file system secured from outside server processes with one of
the strongest crypto algorithms in the world.

        The message was posted (IIRC) to the cypherpunks mailing list,
and was discussed in earnest for some time - the initial
implementation was broken, and had to be further modified to allow
secure operation in IDEA mode.

        It operated like so - You made a raw file of roughly 50-100Mbs
or whatever size you wanted, formatted it, encrypted it with the
commands that came with the patches, and mounted it as a loopback file
system. In essence, it operated much like SecureDrive under MSDOS,
and was an excellent solution for single user workstation security.
The raw files were simply viewed as virtual devices and mounted as
such.

        Unfortunately, the patches proved to be less than portable
with subsequent versions of the kernel source, and so I had to leave
them by the wayside. To this day, I've yet to encounter another set of
tools that offered a similar solution. TCFS is unfortunately a little
above spec for what I need (It is after all, a standalone
workstation), and I wasn't happy with the way CFS could take a dive
very suddenly if the NFS daemon cacked it unexpectedly.

        Iain Goldbeg was involved with the development of the patches
as I recall, but I'm afraid I haven't been able to find any trace of
the original thread anywhere, or any hint of the patches having
existed. I'm going to search the BugTraq archive shortly after this
post, so that may turn up some gold, but in the meantime (and the
eventuality of an unsuccessful hunt) can anyone shed some light on this
or offer some pointers?

Any help, pointers, or info would be more than appreciated,

        Yours

Klaus Fluoride                       http://www.venona.freeserve.co.uk

 
 
 


Post by Andrew McDona » Mon, 08 Feb 1999 04:00:00



>It operated like so - You made a raw file of roughly 50-100Mbs
>or whatever size you wanted, formatted it, encrypted it with the
>commands that came with the patches, and mounted it as a loopback file
>system. In essence, it operated much like SecureDrive under MSDOS,
>and was an excellent solution for single user workstation security.
>The raw files were simply viewed as virtual devices and mounted as
>such.

Sounds like you are after the international kernel patch.
This adds strong encryption to the loopback block device.
You can find the patches at http://www.kerneli.org/

Andrew

--
Andrew McDonald

http://ban.joh.cam.ac.uk/~adm36/

 
 
 


Post by Karsten Patzwal » Mon, 08 Feb 1999 04:00:00



>    Iain Goldbeg was involved with the development of the patches
>as I recall, but I'm afraid I haven't been able to find any trace of
>the original thread anywhere, or any hint of the patches having
>existed. I'm going to search the BugTraq archive shortly after this
>post, so that may turn up some gold, but in the meantime (and the
>eventuality of an unsuccessful hunt) can anyone shed some light on this
>or offer some pointers?

IIRC there was a patch like this on http://www.counterpane.com. I'm not
quite sure, please correct me if I'm wrong... This one should support XOR,
IDEA, DES and Blowfish-support (I prefer the last). I wasn't able to install
the patch on my system anyway, but this was maybe my fault.

--

 
 
 


Post by Konrad Ant » Tue, 09 Feb 1999 04:00:00


Karsten Patzwaldt wrote:


>>        Iain Goldbeg was involved with the development of the patches
>>as I recall, but I'm afraid I haven't been able to find any trace of
>>the original thread anywhere, or any hint of the patches having
>>existed. I'm going to search the BugTraq archive shortly after this
>>post, so that may turn up some gold, but in the meantime (and the
>>eventuality of an unsuccessful hunt) can anyone shed some light on this
>>or offer some pointers?

>IIRC there was a patch like this on http://www.counterpane.com. I'm not
>quite sure, please correct me if I'm wrong... This one should support XOR,
>IDEA, DES and Blowfish-support (I prefer the last). I wasn't able to install
>the patch on my system anyway, but this was maybe my fault.

I've found *some* patches for IDEA/DES-encrypted loopback devices on

  ftp://ftp.is.co.za/pub/linux/kernel/crypto/
(directory might be wrong, I'm typing from memory)

and they apply neatly to kernel 2.0.34, which can be patched to 2.0.35 using
an ordinary linux kernel patch afterwards.

The patches seem to work here.

HTH
Konrad.

PS:
I don't know if you are legally allowed to download any 'dangerous'
software from South Africa. Please care about that yourself if you want to;)

--
 n_n_n_n_n     LOOK, DOGBERT, I'VE INVENTED A MACHINE THAT POSTS USELESS
 |       |   / MESSAGES INTO NEWSGROUPS AND STARTS FLAMEWARS.
 |---()()|  /  

 
 
 
