💾 Archived View for gemini.spam.works › mirrors › textfiles › computers › DOCUMENTATION › koh.txt captured on 2022-06-12 at 06:34:54.
-=-=-=-=-=-=-
P O T A S S I U M H Y D R O X I D E
(KOH)
Disk Encryption System
Written by "The King of Hearts"
The executable program KOH.COM and this
document file KOH.DOC may be distributed
for free. Please spread them all over
the known universe!
Complete source, or an original
distribution disk is available from:
American Eagle Publications, Inc.
P.O. Box 41401
Tucson, AZ 85717
See the order form at the end of this document.
(C) 1993 American Eagle Publications, Inc.
---------------------------------
* This software was developed in MEXICO *
WARNING: Certain entities who claim civil authority in the
United States consider this to be an export-controlled item
due to the strong cryptography implemented therein. We do not
intend to defy them though their claims to said authority are
somewhat dubious in view of their disdain for the
constitution. This matter you must consider for yourself.
-------------------------------
3
INDEX
=====
CHAPTER PAGE
1. Warning 5
2. How KOH Works 6
3. Installation 7
Floppy Disk Installation 7
Hard Disk Installation 8
4. Speed Considerations 12
5. IDEA-Based Cryptography 13
6. Hotkeys 16
7. System Backup 18
8. How do I . . . ? 21
9. If you have problems 23
10. Order Information 25
5
1. WARNING
==========
This disk encryption system employs a state-of-the-art
encryption algorithm called IDEA in conjunction with a
sophisticated low-level disk intercept to secure your
IBM compatible personal computer system from intrusion.
PLEASE READ THESE INSTRUCTIONS COMPLETELY BEFORE INSTALLING
THIS PROGRAM ON YOUR COMPUTER SYSTEM.
If you do not, you could render all of the data in your
system PERMANENTLY INACCESSIBLE WITHOUT REMEDY!
Secondly, improper installation could leave your computer
system vulnerable to cryto-analytic attack. Although KOH uses
a very good cryptographic algorithm, YOU have a part to play
in making sure you are secure. This manual will tell you how.
In short, take your time, read the manual, and do it right
and you'll be glad you did!
6
2. HOW KOH WORKS
================
Potassium Hydroxide is an on-the-fly disk encryption program.
When you install it, it will encrypt your hard disk (and
floppies) so that all of the information on it will look like
jibberish without the corresponding decryption in place, and
the proper password entered when you start the computer.
KOH hides itself in a small space on your hard disk that is
normally never used, and it is the very first thing loaded
from disk when you turn your computer on. It installs itself
in your computer's memory, and then asks you for a pass
phrase. If you enter the wrong thing, your disk still looks
like jibberish.
Once KOH is installed in memory, it monitors all attempts to
access the disks in your system. Everything that is written
to disk is encrypted by KOH, and everything read from disk
into memory is decrypted. Nothing is ever stored to disk in
an unencrypted form as long as KOH is in the system. Thus, if
you are in a situation where you have a security problem, all
you have to do is turn your computer off, or hit the reset
button, and everything is instantly locked out of the reach
of anyone who doesn't know your pass phrase.
Functionally, KOH works in a manner similar to a computer
virus. It uses "stealth" technology developed by computer
virus writers to hide itself in your computer system's memory
and on its disks. Likewise, it uses technology first
developed by virus writers to help you keep all of your work
encrypted without having to remember to do all the
housekeeping yourself. KOH differs from a virus in that it is
friendly. It doesn't just come along and do something nasty
whether you want it to or not. You remain in control, and KOH
does an important job for you!
This virus technology actually makes KOH a much more
effective program than some other commercial programs. For
example, some programs implement encryption using a device
driver. This, however, makes it impossible to encrypt the
boot-up code, and part of the directory structure. Others
force you to set up a separate partition on your hard disk,
etc., etc. By hiding like a virus, KOH allows you to encrypt
EVERYTHING.
7
3. INSTALLATION
===============
IMPORTANT: Read this section through once from start to
finish and then go through it again, step by step, while
doing what it says.
A. Floppy Disk Installation
---------------------------
There are two ways to put an active copy of KOH on a floppy
disk. The first way we will discuss is to use the KOH.COM
program, provided with this DOC file.
To create a disk encrypted with KOH, you should first create
a bootable floppy of the type used in your A: drive. To do
this, use the command
FORMAT A: /S /U
to format the disk in drive A: and put the system files on
it, so that it can be booted. The /U calls for an
unconditional format, which just wipes out any pre-existing
data on that disk. Once you've done this, simply run the KOH
program as
KOH A:
When you run KOH, you will be prompted for a pass phrase for
that floppy disk. You should always pick a good pass phrase.
A bad one will seriously compromise security in your system.
If somebody (or somebody's computer) can guess your password,
then you're wide open. See the discussion of pass phrases
below, IDEA-Based Cryptography.
After you enter a pass phrase, KOH will proceed to encrypt
this disk and install itself. The process takes a minute or
two. When complete, KOH will inform you that is is done, and
you will find yourself back at the prompt. If you attempt to
do a directory of that floppy now, it will look like pure
gibberish.
Now, if you have a floppy-only computer system, or if you
don't want KOH on the hard disk, you can boot from your newly
created floppy disk. KOH will load itself into memory and
ask you for a pass phrase. Enter the pass phrase, and your
disk will proceed to boot. If you do a directory on it,
you'll see everything there just like you would expect, with
no jibberish. KOH is resident in memory, decrypting the
information on that disk as it is loaded into your computer's
memory. You can turn your computer off at any time, and your
disk will be completely safe from prying eyes.
8
When KOH is resident in memory (loaded by booting off a disk
on which it is installed), you can encrypt new disks with no
trouble at all. All you have to do is do a directory on a
disk, and KOH will automatically encrypt it with the same
password you entered when you started up, and put the
decryption routines on it. For example, if you put a diskette
in your B: drive and type
DIR B:
you won't get the directory immediately, like you usually do.
KOH will sense an unencrypted disk in that drive, and encrypt
it before anything else happens. When KOH is done encrypting,
you'll get the directory display just like you usually do,
but now that disk is encrypted. Thus, once you have your
first encrypted disk, making more is very easy.
If you need to access a diskette WITHOUT automatically
encrypting it (perhaps you are copying a few files from a
friend, and you want to give his disk back), you can easily
turn the auto-migrate feature off by using the hot-key
Ctrl-Alt-O (letter o). When you press this three-key
combination (just like you use Ctrl-Alt-Del to reboot), your
computer will beep and a minus sign "-" will be displayed on
the screen to tell you that auto-migrate is off. Then you can
access floppy disks, and KOH will not attempt to encrypt
them. To turn the auto-migrate feature back on, press
Ctrl-Alt-O again. Your computer will beep and a plus sign "+"
will be displayed to indicate that auto-migrate is on. You
can read more about this feature in the section on Hotkeys.
B. Hard Disk Installation
-------------------------
To install KOH on your hard disk, the first thing you must do
is install it on a floppy disk. Use the instructions above to
do that before proceeding with installation on your hard
disk.
Backing Up
----------
Once you have made a bootable floppy disk with KOH on it,
then you are ready to install it on your hard disk.
BEFORE YOU INSTALL ON YOUR HARD DISK, YOU MUST BACK UP YOUR
COMPUTER!!!
Encrypting your disk is a sensitive process. If the power
were to fail, or if something went wrong half-way through the
process, you could conceivably lose everything you have
stored on your computer. Thus, before you proceed, you must
back up your computer. DO IT NOW. Don't take the chance that
everything will go fine, because you just never can tell.
9
However, obviously, if you make a backup of your computer
now, that backup won't be encrypted. This is a potential
security breach. There are a couple ways to deal with it,
depending on how your computer is configured. I'm going to
assume you haven't been backing up your data regularly,
because most people don't. So first a few instructions on
making a proper backup when using KOH.
The only way to back up your computer and allow KOH to
encrypt the backup for you is to back up onto floppy disks
using a program that does not use a non-standard disk format.
The standard DOS BACKUP utility works fine, as do compression
programs like PKZIP and ARJ, which allow for multi-volume
processing. Get a bunch of floppies, and back up now, before
anything is encrypted. You can encrypt this backup later, if
you want to. For more information about backing up with KOH
in your computer, see the section System Backup in this manual.
Putting KOH on your Hard Disk
-----------------------------
Once backup is complete, you are ready to move KOH to your
hard disk. To install KOH, first put the floppy which has KOH
on it in the A: drive and reboot your computer. The computer
will access the A: drive first, and load KOH into memory. At
this point, KOH will ask you:
KOH-Migrate to hard drive on this computer (please backup)?
At first, answer "N" for no. This is a preliminary test.
First you want to see if your KOH-ed floppy will work. Then you
will be asked for a pass phrase. Enter the pass phrase you
chose for the disk when you made it. Next, the disk should
boot, and you should have an A: prompt. You should be able to
do a directory of the hard disk, etc., without problems.
If, rather than booting up, you get an error to the effect of
"Non-system disk" then you may have entered the wrong
pass phrase, so press Ctrl-Alt-Delete and try again.
After successfully booting your floppy under KOH, you can do
a directory of it, and you will see everything that was on it
just like it was before you encrypted. Now we're ready to
install on the hard disk. Press Ctrl-Alt-Delete and allow the
computer to boot from the floppy again. Now, when it asks you
about migrating to the hard drive, answer "Y" for yes. Again,
you will be asked for a password. You don't really need to
enter it, because once it's asked, KOH is already on your
hard disk. So you can just press Ctrl-Alt-Delete again, and
take the floppy out of the A: drive so your system will boot
from the hard disk.
10
When KOH loads from the hard drive, it will ask if you want to
encrypt your data now. Again, it's probably a good idea to
test your disk out and answer this question "N" for no. Your
computer should then proceed to boot and operate normally.
The Secret Key
--------------
After you've seen that your computer is still working, it is
time to encrypt. Press Ctrl-Alt-Delete once more, and when
you're asked if you want to encrypt, answer "Y" for yes. KOH
will then ask you to start pressing keys. This is a critical
part of generating a good encryption key, and it's important
not to slacken up here and try to rush the process. You'll
have to press about 128 keys to get through this part. To do
it right will take a few minutes. CHOOSE KEYS ON YOUR
KEYBOARD COMPLETELY AT RANDOM AND PRESS THEM SLOWLY. Use all
of the keys on your keyboard too. If you try to rush this,
you're only compromising the security of the random key which
is being generated, and it is your own loss. Once the
computer has enough keystrokes, it will beep and ask you to
press the ESC key to continue.
After you press ESC, you will be asked for two pass phrases.
One is for the hard disk and one is for your floppy disks.
The Hard Disk Pass Phrase
-------------------------
Chose a hard disk pass phrase carefully. It needs to be
something that cannot be easily guessed, yet something you
can remember, and it can be any combination of keystrokes up
to 128 characters. This pass phrase is what you will enter
into the computer every time you turn it on from now on.
See IDEA-Based Cryptography for more information on picking a
good pass phrase.
The Floppy Disk Pass Phrase
---------------------------
The pass phrase for the floppy disk will be completely
invisible after you enter it. It is stored (encrypted) on
your hard disk in a special area, and you will not normally
need to enter it. However, since you are liable not to use it
for long periods of time, make sure it is something you will
remember--or save it somewhere on your *encrypted* hard disk.
You will need it if you boot off of an encrypted floppy, or
wish to access that floppy from another machine.
After you have entered both pass phrases, KOH will proceed to
encrypt your hard disk. This is where you have to just kick
back and wait, as the process can take anywhere from 20
minutes to several hours, depending on how big your hard disk
11
is, and how fast your computer is. Allocate plenty of time to
encrypt, and do not turn the computer off before it finishes
the job and tells you so. If you do, chances are a major
portion of the data on your hard disk will be lost forever!
That's why you want to back up, too. You never know when the
electric company might shut down your computer for you. You
have been warned!!
Note: You can change both the hard disk and floppy disk
pass phrases at a moment's notice by pressing Ctrl-Alt-K,
preferably from the DOS prompt. Then you will be asked to
enter new pass phrases. See Hotkeys for more information.
Note that KOH only encrypts the presently-active partition on
your physical hard disk. Thus, if you have your computer set
up with two logical drives, C: and D:, only the C: drive will
be encrypted. The D: drive will not get encrypted. If you
want everything encrypted, then you must set your hard disk
up with a single partition if it is not already. (Use the
FDISK program, supplied with DOS, to determine how many
partitions you have if you do not know.)
At this point KOH is completely installed on your hard disk.
The next time you start your computer, you will be prompted
for a pass phrase. Enter it right, and your computer
will start right up. Enter it wrong, and you cannot get in!
NOTE: If you are installing on a SCSI drive, read the
section in "What To Do If You Have Problems" concerning SCSI's
before you install. That will help you to avoid surprises
with SCSI's, which can be a bit more complex than ordinary
drives.
12
4. SPEED CONSIDERATIONS
=======================
KOH requires a considerable amount of overhead to do
encryption and decryption on the fly. You are bound to notice
a slow-down in disk accesses after you install KOH. That is
always something that's hard to get used to. These are the
breaks of using on the fly encryption, and the better your
encryption algorithm, the more overhead it takes.
To minimize the impact of the slowdown, I recommend two
things:
(1) Install a disk cache in memory--as big as you can afford.
A caching controller will not do the job, because that cache
lives on the other side of KOH. You need just an ordinary
cache that resides in system memory, preferably one that
caches reads and writes. (The standard MS-DOS cache works
just fine.) This will keep data cached in an unencrypted
state so that accessing it does not require calling IDEA. You
may want to install some more memory so you can make your
disk cache bigger.
(2) Upgrade your processor, if you can afford it. The speedup
from the new processor will offset the slowdown from KOH, and
you'll be happier. For example, if you upgrade from a 386SX-
16 to a 486SX-25, you probably won't even notice the
slowdown, and it's not THAT expensive.
If you cannot afford the above solutions and you still can't
live with a slower system, there is one other possibility,
though it is not as secure. You can partition your disk with
a logical drive. For example, if you have an 80 megabyte
drive, create a 20 megabyte partition, and make it your C:
drive, and create a 60 megabyte partition and make it your D:
drive. Now, put all of your programs, and data that is not
sensitive on your D: drive, and put all of your sensitive
data on the C: drive. Then install KOH. KOH will encrypt the
C: drive, but leave the D: drive alone. This means that your
D: drive will be as fast as it was before, and your C: drive
will be slowed down by the encryption routines. All your
programs, etc., will load real fast. The problem here is that
you need to make sure you don't put sensitive data on your D:
drive. Don't ever put it there. Remember that erasing files
doesn't really erase the information. And don't let your
programs create temporary files on your D: drive with
sensitive information in them either. (And that's easier said
than done!!) As I said, this is not really a very good
option, but it can be done.
13
5. IDEA-BASED CRYPTOGRAPHY
==========================
IDEA stands for International Data Encryption Algorithm. It
was developed in the 1980's in europe as an alternative to
the US government developed DES (Data Encryption Standard)
algorithm.
Most good commercial encryption programs use DES at present.
DES has been proven to be a pretty good algorithm by the
academic crypto community, however quite a few people are
suspicious about it because it was developed by the US
government and the National Security Agency. Although perhaps
quite suitable for civilian use 99.99% of the time, there is
always that lurking suspicion that the NSA knows how to crack
it. Additionally, DES uses a 56 bit key (7 byte). As
computers become more and more powerful, it is possible that
a brute-force attack against DES would be possible at a
reasonable cost. By a brute-force attack, I mean you just set
up a computer to try every possible 7 byte key until you get
the right one. That could be only a few years away, as
computer technology is improving so rapidly.
IDEA offers an alternative. Developed by the academic
community, it does not carry with it the suspicions of an
algorithm developed by a super-secret government agency. It
has proved to be a good algorithm without inherent
weaknesses. However, IDEA is still rather young--much younger
than DES. Thus, it is possible that someone could find a
weakness and prove it's not so good after all. That has not
happened to date, and it's a calculated risk you have to take.
Also, the IDEA employs a 128 bit key (16 byte). This larger
key makes a brute-force attach MUCH more difficult, and
removes it from the realm of possibility for a long time to
come.
The development team felt the IDEA offered the best security
at present of any known algorithm, for the purposes we have
in mind for KOH, and that includes keeping your private
computer data away from prying government eyes. Since
government has the one-up on everyone else with DES, we felt
IDEA offered a better chance of keeping the playing field
level.
The IDEA algorithm can be operated in several modes. We use
the Cipher Block Chaining mode, because this is the most
secure, and it makes sure that, even if two blocks of data on
your disk contain the same unencrypted data, they'll look
completely different when encrypted.
As with all cryptography, even a strong algorithm can be
broken easily if you aren't careful about your password. I
know hackers who can get into all kinds of computer systems
14
with the greatest of ease, simply because people choose
passwords that are easy to guess. The famous Internet Worm
had a list of passwords in it--about a hundred words--which
are used by at least one user on over 90% of all computer
systems. Now just about anybody can sit down and try 100
different words that you're likely to use for a password!
I recommend you don't use a word at all. KOH gives you up to
128 characters for the pass phrase. They can be any
combination of (case sensitive) letters, numbers and
punctuation. USE THEM. If you just use one word, I can write
a computer program in about ten minutes that will test every
word in the dictionary against your passphrase. And it can
find your "secret" word in about ten minutes. At least use a
phrase. Definitely use punctuation. Maybe use unusual
capitalization rules. Probably you should include at least
one nonsense word. By all means don't quote your favorite
book.
What ever you do, remember that if somebody wants to crack
your pass phrase, it's not just some guy sitting there trying
to dream up good guesses. It's a guy with a computer that can
make a million guesses an hour. Make sure that even if you
could make a million guesses an hour, it would take forever
to get the right one. That may sound intimidating, but it's
not really. Chosing 5 random words from a dictionary of
100,000 means you have about 10,000,000,000,000,000,000,000,000
possibilities and even at 1,000,000 an hour, the universe
will collapse before you get done. Adding an unnecessary
exclamation point at the end makes the job all that more
difficult.
You should be getting the point: Give some thought to your
pass phrase.
The next point is that you need to watch your floppy disks.
Some people are careful to encrypt some of their data, but
not all of it. Then if they are attacked, the unencryted data
is enough to cause trouble. KOH tries to make encryption as
easy as possible with the auto-migrate feature. It is
recommended that you leave this feature ON at all times,
unless you have a specific task at hand that requires it to
be off. Then turn it off, complete that task, and turn it
back on. That way, everything that touches your computer will
stay encrypted, day in and day out. Make sure you go back to
any old floppies you had before you installed KOH and
encrypt too (just sit down and do directories on them and
they'll get encrypted).
Note that the IDEA algorithm is patented by a group in
Switzerland. There is no license fee required for non-
commercial use. For commercial use, you'll have to contact
the patent holder. Since this program is freeware, we don't
15
handle license fees. Contact Dieter Profos, Ascom-Tech AG,
Solothurn Lab, Postfach 151, 4502 Solothurn, Switzerland for
information.
References:
Xuejia Lai, "On the Design and Security of Block Ciphers",
Institute for Signal and Information Processing, ETH-Zentrum,
Zurich, Switzerland, 1992
Xuejia Lai, James Massey, Sean Murphy, "Markov Ciphers and
Differential Cryptanalysis", Advances in Cryptology,
Eurocrypt 1991.
16
6. HOTKEYS
==========
KOH has three basic hotkeys which you can use to perform
special functions with KOH while it is active in your
computer. These hotkeys are designed to be easy to remember.
They are called up by holding down the Ctrl and Alt keys, and
pressing K, O or H. Let's see what they do:
Ctrl-Alt-K
----------
This hotkey allows you to change your system pass phrases. As
you will recall, if you booted from a hard disk, there is a
hard disk pass phrase and a floppy disk pass phrase. If you
booted from a floppy disk, there is only a floppy disk pass
phrase. KOH will allow you to change whatever pass phrases
are appropriate.
Changing the hard disk pass phrase is permanent, and allows
you to access that hard disk only by entering the new pass
phrase when you start the computer. It takes only a few
seconds to change this pass phrase, as KOH does not need to
decrypt and encrypt the whole disk to make it effective. You
will want to change the hard disk pass phrase any time you
believe the security of your old pass phrase has been
compromised.
Changing the floppy disk pass phrase does not change the
pass phrase with which you access a given floppy disk. Once a
floppy has been encrypted using a given pass phrase, it will
always require that pass phrase to be accessed. A new floppy
pass phrase will only take effect on any new floppies you put
in your computer. For example, suppose your floppy pass
phrase is "PHYSICS TEST = 90" and a friend brings a disk over
encrypted with the pass phrase "for MY Friend". You can
change to this floppy pass phrase to read this disk. However,
your usual disks will not be accessible while this pass
phrase is in effect. When you're done with your friend,
you'll want to change back to your original pass phrase so
you can read your own disks again.
Ctrl-Alt-O (Remember O = On/Off)
----------
This hotkey turns KOH's auto-migrate feature on and off.
Auto-migrate is the feature that causes KOH to automatically
encrypt floppy disks that are put in your computer.
The hotkey acts as a toggle. If auto-migrate is on, the
hotkey turns it off, and vice-versa. To tell you what just
happened when you press this key combination, KOH makes your
computer beep and displays a "+" or a "-". The plus sign
17
tells you that auto-migrate is now on, and the minus tells
you it is off.
If you load KOH from a floppy disk, the change in the status
of auto-migrate is temporary, and effective only as long as
your computer is on. When you reboot, or turn your computer
off and on, KOH will load itself into memory with auto-
migrate on.
If you load KOH from your hard disk, the change in status of
auto-migrate is saved to disk, so that you can turn your
computer off and on again, and if you had auto-migrate off to
start with, it will still be off.
Ctrl-Alt-H (Remember H = Hard disk uninstall)
----------
This hotkey un-installs KOH from your hard disk. It will ask
you if you are sure you want to uninstall, and if you answer
"Y", KOH will proceed to uninstall itself. You can uninstall
KOH from a hard drive whether that drive is encrypted or not.
If the drive is encrypted, it may take several hours to
complete the uninstall--as long as it took to install. So
make sure you have enough time to allow KOH to uninstall
itself!
When uninstalling, the same considerations apply as when
installing. In other words, make sure you back your system
up. If you lose power during the uninstall process, you could
lose everything on your hard disk.
To uninstall, you must have booted your system with KOH
installed on the hard disk. If you can't remember the pass
phrase, this will NOT help you out.
You cannot un-install KOH on a floppy disk. If you want to
get the encryption off of a floppy, the only way to do it is
to copy it all to an unencrypted disk (with auto-migrate
off, if KOH is active in your computer).
18
7. SYSTEM BACKUP
================
Here I want to explain how to do a proper backup when KOH is
installed on your hard disk, and keep your data private in
the process. I am going to discuss two things: (1) Making a
master backup disk, and (2) backing up all of your data to
floppy disks.
Now, a lot of people have way too much data to use floppies
to back up, and they use tape drives. KOH will not encrypt
the data on your tape, so you have two options: (1) is to buy
a tape backup program that will encrypt your data. There are
a number on the market that use some form of DES, but none
that I know of which use IDEA. Some use weak forms of DES
too, so beware. The alternative is (2) not to encrypt the
data on your tape. That is, of course, a potential security
hole, unless you hide the tape where no one will ever, ever
find it. Probably getting an air-tight capsule and burying it
somewhere, or keeping it in a safe-deposit box at some
foreign bank would work best. We fully intend to build
modules to allow you to back up to tapes using IDEA, and
working off your KOH key, but these are not available yet.
The Master Disk
---------------
A master disk is a bootable disk with enough software to get
your computer up and running again in the event of a disk
crash. At the very least, you should have a bootable disk
with FDISK, FORMAT and SYS, as well as the program you need
to restore your backup from the backup floppies, or the tape
drive.
You can encrypt this master disk with KOH. It will not affect
anything you do if you ever have to restore your hard disk.
Alternatively, you may just want to put the KOH.COM program
on the master disk, and maybe this file as well.
There is one other thing you will want to put on your master
disk. KOH makes your computer system somewhat more
susceptible to damage by computer viruses, because viruses
don't usually know how to handle the encryption routines. For
example, the Stoned virus is fairly benign on most computer
systems. It just displays the message "Your PC is stoned."
now and then. However, if it infects your encrypted computer,
it can totally trash everything in your computer. A small
program VPROTECT has been included with the KOH distribution
package. This creates a special file on your master disk that
is an image of the KOH system areas. You should run it from
your master disk as follows:
VPROTECT
19
It will create a file VPROTECT.DAT on your master disk. In
the event your computer is attacked by a virus, or the system
areas are damaged for any other reason, you should run
VPROTECT /write
from your master disk to restore the system areas on your
hard disk. Once this is done, KOH will have the decryption
keys restored and everything necessary to hand over control
to DOS. Obviously, if a virus trashes more data on your
computer than just this system area, you'll have to deal with
that in other ways.
Backup to Floppy
----------------
KOH will allow you to backup your hard disk to floppy disks
without compromising security. It can encrypt your backup
floppies just as it encrypts any other floppy. The key to
using KOH effectively in a floppy backup is to use a program
that uses a standard DOS disk format.
A fine way to back up without using an excessive number of
disks is using the PKZIP/PKUNZIP programs or the ARJ program.
I'll describe this process in case you want to use it. Also,
the considerations discussed in using ARJ with KOH will
apply to other backup programs as well.
Typically, you cannot get a backup file onto the disk without
KOH going there first when auto-migrate is on. Thus, the
process of backing up will be completely transparent, even if
you use disks that have never been encrypted. The one thing
you have to remember is that KOH takes up a small amount of
disk space, so if you have to tell the backup program how big
your diskette is, you should reduce it by about 6 kilobytes.
For example, using ARJ to backup to 1.44 megabyte diskettes
in the B: drive, you would specify
arj a -r -v1430000 b:backup c:\*.*
This tells ARJ to create the archive BACKUP on the B: drive
and use a volume size of 1.43 megabytes, and to recurse
subdirectories (so your whole disk is backed up). Just
execute this and everything will work fine.
One thing to be aware of is that some backup programs will
allow you to optionally format the floppy disks as you go
through the backup. Turn this option off, because it will
invariably confuse KOH. Format your floppies before you do
the backup.
Note: You can still use a backup program that uses non-
20
standard disk formats (like some versions of Fastback and PC
Tools) with KOH, you just can't encrypt with KOH. To use
these kinds of programs without confusing KOH, turn auto-
migrate off before backing up using the hotkey Ctrl-Alt-O.
21
8. HOW DO I . . . ?
===================
Here I'd just like to answer a few common questions.
Format floppy disks?
--------------------
Formatting floppy disks is one process that wipes out the
boot sector on a disk, obliterates data, and re-organizes the
FAT table. Furthermore, there are many different ways this
can be done. KOH cannot possibly anticipate all the possible
ways this happens. As such, a little more care must be taken
when formatting floppy disks when KOH is resident.
First of all, if you use DOS 5 or greater, the FORMAT program
doesn't always really format. This fake-format is a sure way
to confuse KOH--but that is just as well, because it is also
a great way to compromise your valuable data. When KOH is
installed, it is recommended that you only use a REAL format.
For DOS 5 and up, this is accomplished by using the /u
switch. For example, to format the disk in A:, type
"FORMAT A: /U". If you use something other than the standard
DOS format, you should experiment first to see what it does.
As a safety, to make sure you get a clean, unformatted disk
when formatting, KOH disables encryption to floppy disks as
soon as it sees formatting take place. To remind you that
encryption was turned off by formatting, every time you
access a floppy disk, you will hear a series of beeps. The
only way to start encryption back up after a format is to
reboot.
Share an encrypted disk with a friend?
--------------------------------------
If your friend has KOH on his computer, you can temporarily
change the pass phrase on a floppy disk to an agreed upon
phrase, and then give it to him. He can then temporarily
change to that password to get at the data. I do not
recommend you make your standard floppy pass phrase public.
That defeats its purpose.
If your friend does not have KOH on his computer, you can
still give him an encrypted disk. He will just have to boot
off of it to access it as discussed next . . .
Access data from a machine that doesn't have KOH installed?
-----------------------------------------------------------
Suppose you go somewhere and you have encrypted disks. You
want to access them, but the machine you are at doesn't even
have KOH installed. How can you get to the data?
22
Since KOH usually copies itself to disks that it encrypts,
you can boot off of those disks to load KOH into memory. If
your floppy disk is a boot disk, fine, that is all you need
to do. But what if it isn't? You should still boot off of
that disk, and tell KOH to migrate to the hard disk. KOH will
then ask for a pass phrase. Instead of entering it, just
reboot. When you reboot, boot off of the hard disk (don't
encrypt it unless you really want to do all that) and enter
the pass phrase that your floppy is encrypted with. Now you
should be able to access that floppy disk. When you're done,
just uninstall KOH using the hotkey Ctrl-Alt-H. The uninstall
will only take a second since the hard disk is not encrypted.
Re-Partition a drive?
---------------------
Changing the partition information on a drive is such a
drastic change that you should completely uninstall KOH
before changing the partitions, and then re-install when you
are done.
Install Windows or a disk compression utility?
----------------------------------------------
You can install Windows or a disk compression utility like
DOS' own, or Stacker, just as you ordinarily would. KOH is
fully compatible with both.
If you have the Windows 32-bit extensions, you may find that
the disk driver will not load, and suggest that you may have
a virus. Simply ignore this. Our experience is that this
driver has so many problems that you are better off not using
it to begin with, and when it doesn't load, it just allows
the disk to be accessed in the normal way, so you'll never
know it's not there.
Install OS/2 (or Unix)?
-----------------------
At present, KOH is not compatible with advanced operating
systems which do not go through the system BIOS to access the
disk, and it is not compatible with IBM's boot manager. We
intend to create drivers to make it work seamlessly
with these operating systems eventually. Also, we are going
to make a boot manager that will work with KOH available very
soon. If you are interested, please contact American Eagle
Publications at the address below.
23
9. IF YOU HAVE PROBLEMS
=======================
There are a number of known problems that you may encounter
when you use KOH. Some of these have nothing to do with KOH
and can't be fixed at our end. I'll explain what I know
about. If you run into a bug that you don't know how to fix,
write to American Eagle Publications at the address below.
No Room for KOH
---------------
If you have used non-standard partitioning software, your
hard disk may not be able to hold KOH properly in its
reserved area. In this event, KOH will tell you there is no
room on the hard disk for it, and it will not install itself.
To make your disk accept KOH, you must re-partition your
drive with the standard DOS FDISK program, and then re-
install. Realize that running FDISK will certainly wipe out
all the data on your computer, so you'd better have backed
up.
Keyboard BIOS Bugs
------------------
Some AMI (and probably other manufacturers) keyboard BIOS's
don't seem to work very well in real mode. Now, typically you
never notice this, because you load HIMEM.SYS, or some other
memory manager into your computer's memory when you boot, and
the processor goes almost immediately into protected mode.
Since KOH takes control before any device drivers, it always
operates in real mode. Thus this bug could manifest on you
now even though you've never seen it before. What you'll
experience is a difficulty in entering your pass phrases
properly, and there is practically nothing you can do about
it. You'll never get through to anyone at the manufacturer
who will believe you. Personally, I recommend you replace you
keyboard BIOS with a Phoenix chip if you run into this
problem. (The keyboard BIOS and the BIOS are NOT the same
thing. The keyboard BIOS is implemented in an 8042 chip.)
Some XT hard disks time out loading DOS 6
-----------------------------------------
Anyone who wants to use KOH on an XT based machine CAN do so.
There is nothing in the software to prevent it from working.
However, it's incredibly SLOOOOOW. You may find out that your
operating system will time-out when loading. I know for a
fact that MS-DOS 6.2 will time out on some XTs. And I know
you can get MS-DOS 3.3 to load properly. I'd really recommend
you upgrade your motherboard--it's so inexpensive. But if you
must run this on an XT, then you may have to experiment with
which version of DOS to run. If it doesn't load, try a
different version.
24
Password Doesn't Seem to Work
-----------------------------
If your password doesn't appear to work the first time you
try to use your computer after encrypting, you may have
entered it wrong. Remember your password is case sensitive.
Could the CAPS LOCK or NUM LOCK key have been active when you
originally entered your password. Could you have capitalized
a word? Try the different possibilities. If all else fails,
start over from scratch.
SCSI Drives
-----------
Some SCSI drives use installable device drivers in addition
to the ROM BIOS on the SCSI card. Sometimes these drivers can
cause problems because they are vendor specific and they can
manipulate the ROM BIOS in unfriendly ways. Specifically,
they may replace it entirely, and bypass the KOH decryption
algorithms. Then your disk may look like trash as soon as
the driver loads. Alternatively, they may hook it in some
funny way, so, for example the hot keys won't work properly
when they are installed. To avoid such problems when
installing KOH, it is recommended that you first remove all
such drivers (from CONFIG.SYS) and then install KOH with your
SCSI drive relying purely on the ROM BIOS. Next, put your
drivers back in, one at a time, and make sure KOH is still
working.
25
10. ORDERING INFORMATION
========================
The executable files and the KOH.DOC files are freeware and
may be distributed freely. You may order a disk with these
files on them directly from American Eagle Publications. If
you are in a country other than the US, the price is
different, and the software will be sent to you directly from
an overseas affiliate, because we will obey the law here
in the US about not exporting this program. You may also
order a diskette with complete source code on it, if you
prefer. The source IS NOT freeware and MAY NOT be distributed
freely. You must purchase it from American Eagle and you may
not copy it.
Prices
------
KOH Distribution Disk Source Disk
--------------------- -----------
US $10 $20
Non-US $20 $30
Please send check, cash or money order, or your VISA or MC
number and expiration date. Overseas customers may send US $
or the equivalent in your currency. All prices are postpaid.
Where to Order
--------------
Order from:
American Eagle Publications, Inc.
P.O. Box 41401
Tucson, AZ 85717
(602)888-4957