In light of so many questions lately related to encryption filters, I would like to start a very generic encryption FAQ.
Any recommendation on what I should use? I find HTML to be hard for FAQ; thinking of CHM help.
This would lead to a very good source for newcomers.
Of course, this will go as time permits.
–
King regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.
I have been working with our web maintainers here at OSR central to
establish a Wiki software base for capturing this and other information
(the existing FAQ has not been updated in a long time, partially because
the existing structure doesn’t work so well and doesn’t lend itself to
easily updating it piecemeal.)
I’ll go ask the relevant authorities to see if they have an estimate for
that work because I think that would be the ideal format for this type
of information.
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dejan Maksimovic
Sent: Wednesday, November 08, 2006 4:28 PM
To: ntfsd redirect
Subject: [ntfsd] Encryption FAQ
In light of so many questions lately related to encryption filters,
I would like to start a very generic encryption FAQ.
Any recommendation on what I should use? I find HTML to be hard for
FAQ; thinking of CHM help.
This would lead to a very good source for newcomers.
Of course, this will go as time permits.
–
King regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Why not make it a generic active filter instead of just encryption?
Compression and encryption are closely related, though compression does mean
that the file size as it exists on the storage is, I hope, smaller than the
real size of the file. With headers or trailers encryption encounters some
of the same issues as whole file compression. Also denying access or
redirecting a file to another file are also issues about which I have seen a
lot of posts. Luckily with the minifilter swapBuffers, some of the more
difficult questions have been answered.
Are you are planning to answer questions about encryption such as:
How do I store the symmetric encryption key?
How do I create a symmetric encryption key?
How much data should a symmetric encryption key be used to encrypt?
How do I handle cipher block chaining (CBC), or do I need it?
How many bits should the encryption key contain?
If the encryption key is provided by a user prompt, how long should it be
and how to redistribute the bits so it is a strong key?
Should an ADS be used to store the key? What about FAT?
What encryption algorithm should I use?
Should I use the TPM?
How do I identify the encrypted files? What IRP should be used to trigger
the identification? Dispatch or completion?
What data is available in dispatch that will be needed in the completion
routine and also in the converse?
What legalities must I consider in considering the above questions?
Some of the above questions are more important than the mechanics of
implementing an encryption filter/minifilter. I think that initially using
a simple XOR algorithm is good to get the driver working, but it is far too
easy to defeat.
I think a FAQ is a good idea. Using Word or another text editor would be
sufficient, but fancy is OK. Just make it printable in its entirety.
“Dejan Maksimovic” wrote in message news:xxxxx@ntfsd…
>
> In light of so many questions lately related to encryption filters, I
> would like to start a very generic encryption FAQ.
> Any recommendation on what I should use? I find HTML to be hard for
> FAQ; thinking of CHM help.
> This would lead to a very good source for newcomers.
>
> Of course, this will go as time permits.
>
> –
> King regards, Dejan
> http://www.alfasp.com
> File system audit, security and encryption kits.
>
>
>
I’m not even planning to write the encryption part of the filter. The other guy I work with can do the encryption. I’m just using the XOR for a test where I XOR my buffer with some single character.
Gosh folks. Everywhere I look, I see simple how to’s like:
how to build in the ddk
how to create a dispatch routine
how to create a dispatch completion routine
and I see info on buffers that appears to be wrong
and much of the driver development stuff is WDM based which doesn’t apply to filter drivers or is for a non-filter driver.
Then, not really knowing much, I start my project and see other’s with the same questions. Where they go, I don’t know? I’ve seen the same 'where is my read buffer" before. The question wasn’t fully answered, but the person asking just vanished?
Maybe I’m being persistent. Is this group like full of people who REALLY know what their doing and then the occasional fool like myself comes by, asks a question, get’s a simple response and moves on never to bother you again?
In short, what *I* would like to see in a FAQ is an example legacy and minifilter both that give you a way to grab a buffer of a file of interest, modify it an any way you want be it encryption, decryption, compression, decompression, etc. and such with explanations on why it’s done.
And yes, I’m hearing about the minifilter. I will look into it more. Seems it may be worth my while after all.
I have a question: Would I be a better overall driver developer by building a legacy driver to do this instead of doing a minifilter?
Is it like a windows developer who knows how to use the WinMain function versus an MFC or even .NET developer who simply generates a form with the IDE and starts programming?
Cool! I guess I can do CHM, putting it online to Wiki will be a few minutes only.
Tony Mason wrote:
I have been working with our web maintainers here at OSR central to
establish a Wiki software base for capturing this and other information
(the existing FAQ has not been updated in a long time, partially because
the existing structure doesn’t work so well and doesn’t lend itself to
easily updating it piecemeal.)I’ll go ask the relevant authorities to see if they have an estimate for
that work because I think that would be the ideal format for this type
of information.Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dejan Maksimovic
Sent: Wednesday, November 08, 2006 4:28 PM
To: ntfsd redirect
Subject: [ntfsd] Encryption FAQIn light of so many questions lately related to encryption filters,
I would like to start a very generic encryption FAQ.
Any recommendation on what I should use? I find HTML to be hard for
FAQ; thinking of CHM help.
This would lead to a very good source for newcomers.Of course, this will go as time permits.
–
King regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
–
King regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.
In essence it will be a generic active filter, except a way to store the headers
(I won’t give in that much for free, it took me a year to figure)
As far as encryption related questions go, some minimal questions will be
answered (which mode, why, how - why is XOR filter not useful). I won’t go into how
long a key should be kept and such, those are issues specific to designers of the
system, not to the driver developer.
(An XOR only filter does not care about the file offset and/or block sizes)
“David J. Craig” wrote:
Why not make it a generic active filter instead of just encryption?
Compression and encryption are closely related, though compression does mean
that the file size as it exists on the storage is, I hope, smaller than the
real size of the file. With headers or trailers encryption encounters some
of the same issues as whole file compression. Also denying access or
redirecting a file to another file are also issues about which I have seen a
lot of posts. Luckily with the minifilter swapBuffers, some of the more
difficult questions have been answered.Are you are planning to answer questions about encryption such as:
How do I store the symmetric encryption key?
How do I create a symmetric encryption key?
How much data should a symmetric encryption key be used to encrypt?
How do I handle cipher block chaining (CBC), or do I need it?
How many bits should the encryption key contain?
If the encryption key is provided by a user prompt, how long should it be
and how to redistribute the bits so it is a strong key?
Should an ADS be used to store the key? What about FAT?
What encryption algorithm should I use?
Should I use the TPM?
How do I identify the encrypted files? What IRP should be used to trigger
the identification? Dispatch or completion?
What data is available in dispatch that will be needed in the completion
routine and also in the converse?
What legalities must I consider in considering the above questions?Some of the above questions are more important than the mechanics of
implementing an encryption filter/minifilter. I think that initially using
a simple XOR algorithm is good to get the driver working, but it is far too
easy to defeat.I think a FAQ is a good idea. Using Word or another text editor would be
sufficient, but fancy is OK. Just make it printable in its entirety.
–
King regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.
I didn’t really expect you to give it away, but maybe these questions will
get some of those trying this ‘simple’ task more to think about. It would
be nice if just one had a complete design before they started coding. Doing
an XOR is simple but useless for real security, but there are those who only
want the appearance of security.
“Dejan Maksimovic” wrote in message news:xxxxx@ntfsd…
>
> In essence it will be a generic active filter, except a way to store
> the headers
> (I won’t give in that much for free, it took me a year to figure)
> As far as encryption related questions go, some minimal questions will
> be
> answered (which mode, why, how - why is XOR filter not useful). I won’t go
> into how
> long a key should be kept and such, those are issues specific to designers
> of the
> system, not to the driver developer.
> (An XOR only filter does not care about the file offset and/or block
> sizes)
>
> “David J. Craig” wrote:
>
>> Why not make it a generic active filter instead of just encryption?
>> Compression and encryption are closely related, though compression does
>> mean
>> that the file size as it exists on the storage is, I hope, smaller than
>> the
>> real size of the file. With headers or trailers encryption encounters
>> some
>> of the same issues as whole file compression. Also denying access or
>> redirecting a file to another file are also issues about which I have
>> seen a
>> lot of posts. Luckily with the minifilter swapBuffers, some of the more
>> difficult questions have been answered.
>>
>> Are you are planning to answer questions about encryption such as:
>> How do I store the symmetric encryption key?
>> How do I create a symmetric encryption key?
>> How much data should a symmetric encryption key be used to encrypt?
>> How do I handle cipher block chaining (CBC), or do I need it?
>> How many bits should the encryption key contain?
>> If the encryption key is provided by a user prompt, how long should it be
>> and how to redistribute the bits so it is a strong key?
>> Should an ADS be used to store the key? What about FAT?
>> What encryption algorithm should I use?
>> Should I use the TPM?
>> How do I identify the encrypted files? What IRP should be used to
>> trigger
>> the identification? Dispatch or completion?
>> What data is available in dispatch that will be needed in the completion
>> routine and also in the converse?
>> What legalities must I consider in considering the above questions?
>>
>> Some of the above questions are more important than the mechanics of
>> implementing an encryption filter/minifilter. I think that initially
>> using
>> a simple XOR algorithm is good to get the driver working, but it is far
>> too
>> easy to defeat.
>>
>> I think a FAQ is a good idea. Using Word or another text editor would be
>> sufficient, but fancy is OK. Just make it printable in its entirety.
>
> –
> King regards, Dejan
> http://www.alfasp.com
> File system audit, security and encryption kits.
>
>
>
xxxxx@hotmail.com wrote:
Maybe I’m being persistent. Is this group like full of people who
REALLY know what their doing and then the occasional fool like myself
comes by, asks a question, get’s a simple response and moves on never
to bother you again?
Not at all… everyone has to start somewhere. Device driver
programming is a steep learning curve. Starting with an encryption
driver is like scaling a cliff… if you want to keep going with it
then you’ll find lots of help. Do clarify your deadlines though.
I have a question: Would I be a better overall driver developer by
building a legacy driver to do this instead of doing a minifilter?Is it like a windows developer who knows how to use the WinMain
function versus an MFC or even .NET developer who simply generates a
form with the IDE and starts programming?
It’s not the same really - a minifilter isn’t higher level as such (or
at least, not by much), and it’s definately not any kind of RAD. It’s a
different interface onto the same routines. What the minifilter API
does though is take a lot of the tedious housekeeping work out of your
hands. It means there’s less chance to screw up and if the OS updates
(your customer instals Vista, for example) there’s a very good chance
your minifilter will still work unmodified… far less chance for a
legacy filter.
Tony