DRIVECRYPT - RELEASED ! ! !


We are proud to announce that Shaun Hollingworth, author of "ScramDisk", Paul Le Roux, author of "E4M", and Wilfried Hafner, security consultant, created a new advanced disk encryption system that succeeds both ScramDisk and E4M. The product offers a huge increase in features, performance and stability over its predecessor's products. The new product named "DriveCrypt" offers unparalleled benefits to consumers over competing products such as incorporation of the latest standards (AES, SHA256) state-of-the-art steganograpy (information hiding) capabilities, volume resizing, console lockout functionalities, hotkey support and much more!

"DriveCrypt" will replace ScramDisk and E4M, and is fully backwards compatible with legacy Sramdisk and E4M partitions, WAV containers, normal containers and partitions. The free version of ScramDisk will continue to be available on the ScramDisk web site, but will not be updated beyond it's current release. The free E4M, and the commercial NT version of ScramDisk will be withdrawn.

You can download a demo version of "DriveCrypt", or get more information about the product by browsing to http://www.securstar.com



Scramdisk Introduction

"Mary had a crypto key, she kept it in escrow,
and everything that Mary said, the Feds were sure to know."
-- Sam Simpson, July 9, 1998
Scramdisk is a program that allows the creation and use of virtual encrypted drives. Basically, you create a container file on an existing hard drive which is created with a specific password. This container can then be mounted by the Scramdisk software which creates a new drive letter to represent the drive. The virtual drive can then only be accessed with the correct passphrase. Without the correct passphrase the files on the virtual drive are totally inaccessible.

Once the passphrase has been entered correctly and the drive is mounted the new virtual drive can then be used as a normal drive, files can be saved and retrieved to the drive and you can even install applications onto the encrypted drive.

Scramdisk allows virtual disks to be stored in a number of ways:

  1. In a container file on a FAT formatted hard disk.
  2. On an empty partition.
  3. Stored in the low bits of a WAV audio file (e.g. steganography).

Screen Shots

  1. Main Screen. Click Here.
  2. Creating a disk. Click Here.
  3. Disk properties. Click Here.
  4. Cipher verification. Click Here.

Technical Details

Scramdisk can create virtual disks with a choice of a number of 'industry standard' encryption algorithms: Triple-DES, IDEA, MISTY1, Blowfish, TEA (either 16 & 32 rounds), and Square. It also includes a proprietary and very fast algorithm 'Summer' which is provided for minimal security applications and for compatibility with older versions of ScramDisk. The following table outlines the relative strengths of the above algorithms:
 
Algorithm Block Size (bits) Key Size (bits) Speed (m:s) (P166) Details
3DES (EDE) 64 168 4:05 Link
Blowfish 64 256 0:55 Link
DES 64 56 1:42 Link
IDEA 64 128 1:07 Link
MISTY1 64 128 2:50 Here
Square 128 128 0:39 Link
Summer (Stream) n/a 128 0:31
TEA (16 Rounds) 64 128 0:46 Link
TEA (32 Rounds) 64 128 1:03 Link

All of these algorithms are supported in per-sector CBC mode, using random data for the initialisation vector and pre-encryption whitening values. If this means nothing to you, read Applied Cryptography (or at least the RSA FAQ!). All triple-encryption algorithms (currently only 3DES) are implemented with 3 independent keys used in EDE, Outer-CBC mode. Speed trials were taken copying a 50Mb file from a normal partition to the encrypted disk.

Read the documentation supplied with Scramdisk for exact details of how Scramdisk operates.

Why not use PGP?

PGP is a great program, but it doesn't allow the on-the-fly encryption of a disk's contents. Instead users have to:
  1. Decrypt the existing file
  2. Work on the data
  3. Re-encrypt the data
The problem is, while the file is decrypted it is vulnerable to interception.

Scramdisk is complementary to PGP; PGP is excellent for communication security, but is somewhat lacking user friendliness when used for data storage security.

Why not use x?

If another product meets your needs then use it! Our only motive is to feel that we have contributed something to the cryptographic community. ScramDisk was produced to fill a perceived hole in the market. Other Hard Drive encryption programs exist, but have down-sides. Compare other programs using the rationale in the next section.

What is special about this program?

It is believed that this program is unique for a combination of reasons:
  1. It is a fully functional virtual disk based encryption system that runs under both Windows 95 and Windows 98.
  2. It is free to use with absolutely no restrictions.
  3. The source code is available for peer-review and further program development with very few conditions (See the section License Details).
  4. It has been developed in the UK and, for the time being at least, can be exported electronically from the UK. Even if the law changes in the future, it is hoped that Scramdisk will by then be widely disseminated.
  5. It is computationally infeasible to prove that a large file held on a drive is a Scramdisk virtual disk container without knowing the passphrase. The Scramdisk container files do not have to have a standard file extension and contain no file headers which indicate the file is anything but random data. Use the program DieHard to test the 'randomness' of a Scramdisk virtual disk.
  6. It can be seen as a work in progress. It is hoped that people with the correct skills will take the software and enhance the functionality by adding both new features and new encryption algorithms. The program includes an extensible architecture which enables new algorithms to be added with minimal fuss.
  7. The executable program is very small and can be carried on a 3 1/2" floppy disk.

Why so many algorithms?

When the program was first announced, several users criticised the program because it contains too many algorithms for three main reasons:
  1. Having a large number of algorithms to choose from may confuse users.
  2. It would be better to have a program that implements a few algorithms and works rather than implements loads of algorithms and is more flakey.
  3. No security is afforded by offering more than one algorithm.
Both the author and myself believe that there are good arguments for having plenty of algorithms:
  1. A default option of Blowfish is provided which is a fast and secure block cipher with no known attacks better than brute force despite having been fairly extensively cryptanalysed. If users don't know about all of the different algorithms then this is a reasonable default choice.
  2. All algorithms have been implemented using well-known code from the web, rather than being completely rewritten. It is highly unlikely that any of the code is defective, as all ciphers have been checked against the Test Vectors freely available on the web. Users will be able to check Test Vectors for themselves using a mechanism built into the program.
  3. Even if a defective algorithm was added to the program, it would only cause the program to act improperly when this algorithm is chosen. The security of the system as a whole will not be compromised, only disks created with the algorithm.
  4. We believe that security is certainly added by the inclusion of multiple ciphers. Nowhere on the virtual disk is a record of which algorithm is used to encrypt the disk. Thus someone who wishes to 'crack' an encrypted disk will have to first determine which algorithm is used. Generally, encrypted data looks like random numbers, so doing this is not a trivial task!
  5. In response to iii above; if the program was supplied with one built in cipher and it was later discovered that this cipher was weak then all users of the program would have encrypted disks that were also weak (and the program would be useless until someone added another cipher!). Users of ScramDisk can choose whichever algorithm they have most faith in. The author thought it improper to dictate to all users which algorithm they can use. At least now they have a reasonable choice.
  6. No algorithm is perfect for all situations; some data may just need 'low-security' encryption which is not noticeably slower than no encryption, some situations require a very high level of security. 3DES is arguably the most secure cipher, but is very, very slow, TEA however is the opposite; it is extremely fast, but may not be so secure.
  7. If users have read the above, and still believe that they still only want ScramDisk with one cipher, there is nothing to stop them from removing all the other ciphers and recompiling the program.
We want very much to encourage crypto-programmers to add new algorithms to the program. Especially the nice looking AES candidates (aren't there loads of nice looking candidates actually?) TwoFish, CAST-256 & Serpent immediately spring to mind.

Future developments

There are a number of ways that ScramDisk can be developed further:
  1. Adding additional strong ciphers.
  2. Making a version that works under NT. This will probably be a major task.
  3. Add a feature to do image steganography, in the same way that the current version does WAV steganography. Will probably need to be able 'chain' images into a logical unit....
  4. Add an alternative hash algorithm. Currently the program only supports SHA-1.
If you are interested in further developing the program, either in one of the areas listed above or in another direction, please contact us. We are very keen to co-ordinate the development effort to ensure that each build is free from bugs and, as far as possible, is compatible with other versions. We would also like to keep a definitive version of the program on the web-site (along with any other release builds). Maybe developing ScramDisk further would make an interesting under-graduate final year project?

Flaws in the system (?!)

Scramdisk is not totally secure (and nor is any security program!). There are a number of ways an attacker may try infiltrating your system:
  1. Look for applications that leak data. A very well known word-processor has an interesting bug that leaks parts of the raw contents of the disk when saving an OLE Compound Document.
  2. Look for data that isn't deleted securely. Ok, everyone knows that you can undelete a file easily. Did you know that even a file that has been 'wiped' can potentially be recovered by looking at the surface of the disk. Deleted files should be securely wiped using an appropriate program (PGP v6+ contains a secure file wiping program).
  3. Look for data that has leaked in other ways. Temporary files and the swap file spring to mind. These both need to be securely erased too.
  4. Using Van Eck monitoring. Basically, electrical emissions from the monitor, hard drive and even keyboard can be detected and recorded from a distance away. This may allow an eavesdropper to see what's on your screen or detect your passphrase as you type it.
  5. Brute Forcing. This can happen in a number of ways: they can try brute-forcing your passphrase (its important to use a large passphrase that isn't easily guessed, it helps to use both upper and lower case and numbers as well) or they can try to brute force the algorithm. This is hard work (and will take around 2^127 operations with most of the ciphers included with ScramDisk - DES & Summer are exceptions).
  6. Some of the ciphers included may be susceptible to attacks not known about in public. The NSA/GCHQ *may* have a mechanism faster than brute-force of attacking the algorithms. We have not included any weak algorithms in the original distribution (apart from Summer, which is included for backwards compatibility), but who can tell what the Intelligence Agencies can do with Blowfish, IDEA, 3DES et al?
  7. Install an amended version of ScramDisk on your computer which secretly stores your passphrase so that it can be later read by a CIA agent. (Or use a program like SKIn98 to do it!) Far fetched? Possibly, but you should be aware that this kind of attack exists. There is no real way to defend this attack. Check the PGP Signatures of the ScramDisk files against the executables on your computer, but could your copy of PGP have also been amended?
  8. Beating you until you spill your passphrase. Truth drugs also work, apparently.
The author has done as much as he can; giving you a program which offers ciphers that are believed to be strong, contains no key recovery mechanisms, is distributed with source code so you can independently verify the operation of the program, and offers PGP Signature files so that you can check the authenticity and integrity of the package. The rest is up to you!
hits since March 2, 1999.



Censorship alive and well in the UK!


Last Modified 02 March 99. Copyright SecurStar GmbH, 1999.
SecurStar is the leader for real time hard disk encryption software, computer security, computer security system and security encryption.