From owner-freebsd-security Sat Nov 22 05:52:16 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id FAA06485 for security-outgoing; Sat, 22 Nov 1997 05:52:16 -0800 (PST) (envelope-from owner-freebsd-security) Received: from iq.org (proff@profane.iq.org [203.4.184.222]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id FAA06459 for ; Sat, 22 Nov 1997 05:51:57 -0800 (PST) (envelope-from proff@iq.org) Received: (qmail 3910 invoked by uid 110); 22 Nov 1997 13:50:23 -0000 Date: 22 Nov 1997 13:50:23 -0000 Message-ID: <19971122135023.3909.qmail@iq.org> From: Julian Assange To: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org Subject: cryptographic filing system alpha Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk A few people have been pestering me for an alpha snapshot, so without futher ado: http://underground.org/book/marutukku.tgz This is fully functional, but the build system and documentation is still in state of transition. It has only been tested so far on FreeBSD2.2.2. It is *NOT* user-friendly at this stage. And should *NOT* be distributed. This is not beta software. This is alpha software. Caveat Emptor It comes with rc16, cast-128, idea and blowfish, but will pull in DES, tripple DES, rc4, rc2 and faster versions of the internal ciphers if you have SSLeay installed (which you can find in /usr/ports/security). Compile under freebsd: $ make depend $ make # modload mkernel/maru_mod.o $ cd msetkey # ./mcreate # ./mnewiv # ./maset # newfs /dev/maru0 # mkdir /maru # mount /dev/maru0 /maru $ cd /maru $ ls -la ; whatever $ cd / # umount /maru # cd (wherever)/msetkey # ./mdetach # modunload -n maru_mod man pages (quite brief ones at the moment) are in doc/ you can view these with: make pagename.less I've included two man pages below, which will give you some idea of what is involved. -- Prof. Julian Assange |"Don't worry about people stealing your ideas. If your | Ideas are any good, you'll have to ram them down proff@iq.org | people's throats." -- Stolen quote from Howard Aiken proff@gnu.ai.mit.edu | http://underground.org/book mnewiv(1) mnewiv(1) NAME mnewiv -- Create a new Rubberhose ciphertext descriptor SYNOPSIS mnewiv [-1 key_cipher] [-2 lattice_cipher] [-3 block_cipher] [-b fs_blocksize] [-D depth] [-f] [-d debug_lvl] [maru.iv] DESCRIPTION Create a new maru.iv file. When complete, this file con- tains o Major and minor version numbers, for chronologically shifted compatibility o Cipher description numbers for the Key, Lattice and Block ciphers o Master Key agitation count o File system blocksize (-b) o Depth of the block key generator lattice (-D) o Header checksum before decryption o Master Key agitation checksum o MAX_PASSPHRASE bytes of passphrase salt o MAX_KEY bytes of Master Key salt o Salt for the left and right lattice keys o Initialisation vectors for the lattice o Initialisation vectors for each cryptographic block within the file-system block OPTIONS -1 key_cipher Cipher used for pass-phrase `hashing', master- key decryption and lattice key/table generation. Defaults to rc16 -2 lattice_cipher Cipher used for generating file-system block keys from the lattice. Defaults to CAST-128 -3 block_cipher Cipher used for the encryption and decryption of disk blocks. Defaults to CAST-128 1 mnewiv(1) mnewiv(1) -b fs_blocksize Sets the file-system block size. Ideally this value should exactly equal the bdevsw strategy read/write size as passed in from the calling filesystem. A reasonable value is chosen by default (2048 under FreeBSD), and should be only changed with care. -D depth Specify the depth of the subkey-generation lat- tice. File system block keys are generated from the lattice, such that a lattice of depth n can produce 2^n blockeys. Lattice depth defaults to n = 32, which is acceptable for cipher extents upto 4294967296 file system blocks in size. -d debug_lvl Set the debug level. Level 0 produces no status information ("quiet"), level 1 produces minimal status informatio. Level 2 and above produce additional debugging information. At debugging levels two or greater, the anti-core-dumping and memory-wiping-on-exit features of rubberhose are disabled in other to facilitate post crash anal- ysis. -f Force contiuation on error (where possible, e.g over-write pre-existing files instead of abort- ing). EXAMPLE Example mnewiv $ mnewiv -1 rc16 -2 ssl-des-ede3-cbc -3 ssl-des-ede3-cbc mysexy.iv rubberhose (0.5) (c) 1997 Julian Assange MARUTUKKU truly is the refuge of his land, city, and people. Unto him shall the people give praise forever. Enter new passphrase (128 significant characters): Confirm passphrase: Confirm passphrase (again): Generating 128 pseudo cryptographically random bytes for passphrase salt Generating 256 cryptographically random bytes for maru master key Agitating rc16 key generator state for 5 seconds... 32405 rc16 agitations (6481 per second) Generating 32 pseudo cryptographically random bytes for primary lattice key salt's Generating 512 pseudo cryptographically random bytes for subkey lattice IV's Generating 2048 pseudo cryptographically random bytes for master block IV array Clearing key artifacts Maru IV extent header generation complete. Saving Maru SALT/IV extent header as "mysexy.iv" * MAKE AT LEAST TWO BACKUPS of this file. If a single bit sells out to the dark forces of entropy, your entire maru ciphertext extent will follow suit ENVIROMENT 2 mnewiv(1) mnewiv(1) MARU_PASSPHRASE Use the contents of this variable instead of prompting for a pass-phrase. COPYRIGHT Copyright 1997 Julian Assange , All rights reserved. AUTHOR Julian Assange . SEE ALSO hose(1), mnewiv(1), mcreate(1), mwipe(1), mattach(1), maset(1), msetkey(1), mclearkey(1), mdetach(1), mdecrypt(1), mgetopt(1), msetopt(1), mstats(1), minfo(1), mlist(1). mlist(1) mlist(1) NAME mlist -- List available ciphers SYNOPSIS mlist [-d debug_lvl] [-f] DESCRIPTION List available ciphers OPTIONS -d debug_lvl Set the debug level. Level 0 produces no status information ("quiet"), level 1 produces minimal status informatio. Level 2 and above produce additional debugging information. At debugging levels two or greater, the anti-core-dumping and memory-wiping-on-exit features of rubberhose are disabled in other to facilitate post crash anal- ysis. -f Force contiuation on error (where possible, e.g over-write pre-existing files instead of abort- ing). EXAMPLE Example mlist $ mlist rubberhose (0.5) (c) 1997 Julian Assange Remember - it's called ``Rubber-hose'', but it's pronounced ``Maru-tuk-ku''. name xor cipher_num 13 key_size 128 bits block_size 64 bits state/ksch 4 bytes name idea-cbc cipher_num 2 key_size 128 bits block_size 64 bits state/ksch 432 bytes name cast-cbc cipher_num 1 key_size 128 bits block_size 64 bits state/ksch 132 bytes name ssl-rc2-cbc cipher_num 11 key_size 128 bits block_size 64 bits state/ksch 8196 bytes name ssl-blowfish-cbc cipher_num 5 key_size 448 bits block_size 64 bits 1 mlist(1) mlist(1) state/ksch 8196 bytes name ssl-rc4 cipher_num 12 key_size 2048 bits block_size 0 bits (stream cipher) state/ksch 8196 bytes name ssl-idea-cbc cipher_num 10 key_size 128 bits block_size 64 bits state/ksch 8196 bytes name ssl-des-cbc cipher_num 6 key_size 64 bits (56 bits real) block_size 64 bits state/ksch 8196 bytes name ssl-des-ede-cbc cipher_num 7 key_size 128 bits (112 bits real) block_size 64 bits state/ksch 8196 bytes name ssl-des-ede3-cbc cipher_num 8 key_size 192 bits (168 bits real) block_size 64 bits state/ksch 8196 bytes name ssl-desx-cbc cipher_num 9 key_size 192 bits (168 bits real) block_size 64 bits state/ksch 8196 bytes name rc16 cipher_num 3 key_size 2048 bits block_size 0 bits (stream cipher) state/ksch 131080 bytes ENVIROMENT MARU_PASSPHRASE Use the contents of this variable instead of prompting for a pass-phrase. COPYRIGHT Copyright 1997 Julian Assange , All rights reserved. AUTHOR Julian Assange . SEE ALSO hose(1), mnewiv(1), mcreate(1), mwipe(1), mattach(1), maset(1), msetkey(1), mclearkey(1), mdetach(1), mdecrypt(1), mgetopt(1), msetopt(1), 2 mlist(1) mlist(1) mstats(1), minfo(1), mlist(1).