For those who really do need an encryption filter next month, they are
welcome to come talk to us (or Dejan, or perhaps a few others on
here…) about licensing an existing solution. I can’t speak to other
people’s kits, but I can speak to ours - adding encryption is trivial.
I’ve done it - pick up an AES or Blowfish package, replace our sample
XOR logic in one place, recompile and you are done. You can encrypt.
We allow you to easily compress and encrypt (hey, it’s something like 12
extra lines to add compression before you encrypt - and decompression
after you decrypt, using the standard Windows OS LZW library routines in
the kernel.)
For a demo, you can add the encryption, attach to a volume and anything
you touch magically becomes encrypted - it happens in the background, is
robust and can recover from encryption key changes (think “clear to
encrypted” or “key 1 to key 2”).
But don’t think that a real product is so simple because the problems
don’t even stop there. What we don’t do (because it doesn’t have
anything to do with file systems or filters) is we don’t implement the
POLICY that people want around encryption. “Gee, I just want to encrypt
all WORD documents”. Whatever that means (honestly, to me that should
mean “anything Word touches” but I’m not going to try and solve the “is
this Microsoft Word, or is this some other program called word.exe…”
issue.)
And then there’s key management. And dealing with ways to steal the
information (think “what about the clip board?”) And so on, and so
forth.
While WE focus on why it is difficult to do the file systems piece of a
data encryption product, there are some other very complex issues in the
“what to encrypt” question. I sometimes wonder how long it takes before
people start thinking about THOSE questions because they are focused on
the issues at our level at first…
Bottom line: you need something fast, use someone who already knows how
to do it. If you don’t control the company purse, and the person who
does balks, go through the archives and start finding the numerous
postings on this very topic and tell them: “it might look expensive now,
but a year from now when we’re still trying to make this work right
you’ll appreciate how much cheaper it would have been…”
We might be able to make it easy to do the encryption piece, but you’ll
still have plenty of technical challenges - key management, policy
management, etc.
I’m extremely proud of our Data Modification Kit - it represents
considerable technological innovation in a format intended to allow
people who don’t want to understand the file systems business to do
things they probably never even considered (want streams on FAT? They
are there. Need compression + encryption, they are there. Want to
allow people to transparently encrypt a 17MB file on a 32MB USB drive,
we can do it. We have sparse files on any underlying file system. We
work over the network, we have solutions to the hideous naming problems.
Worried about losing data in the case where the system crashes or
someone yanks the USB drive out while the data is being encrypted?
We’ve thought about it, we make it “just work”. Need to have utilities
to read those files from other OS platforms, we have a nice ‘C’ library
in the kit you can port and use.) Do we want our due from that? Of
course we do. We’re not the cheap kids on the block, most folks know
that. But we support our customers, we’ve been at this a long time, and
we’ll be standing behind you to help YOU get your product out the door -
the biggest problem I have these days with our toolkits (like the FSDK)
is to get people to upgrade to newer releases of the kits.
I try to assist people quite a lot in this forum, but there are things
that I don’t do any more than other people do, like give away my code
for free - I value it, so should you.
'Nuff said. Time to go back to Plugfest so I can answer more questions,
taunt Neal with the depth of my useless NT 4.0 knowledge (yes, the
advanced FCB header WAS in NT 4.0…) and work with our team that is
pushing the DMK through its paces on Windows Vista, interop with other
folks, and expand people’s horizons.
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
