(KOH)
---------------------------------
* This software was developed in MEXICO *
INDEX
=====
CHAPTER PAGE
1. Warning 5
2. How KOH Works 6
3. Installation 7
Floppy Disk Installation 7
Hard Disk Installation 8
4. Speed Considerations 12
5. IDEA-Based Cryptography 13
6. Hotkeys 16
7. System Backup 18
8. How do I . . . ? 21
9. If you have problems 23
10. Order Information 25
5
1. WARNING
==========
3. INSTALLATION
===============
FORMAT A: /S /U
KOH A:
When you run KOH, you will be prompted for a pass phrase for
that floppy disk. You should always pick a good pass phrase.
A bad one will seriously compromise security in your system.
If somebody (or somebody's computer) can guess your password,
then you're wide open. See the discussion of pass phrases
below, IDEA-Based Cryptography.
DIR B:
you won't get the directory immediately, like you usually do.
KOH will sense an unencrypted disk in that drive, and encrypt
it before anything else happens. When KOH is done encrypting,
you'll get the directory display just like you usually do,
but now that disk is encrypted. Thus, once you have your
first encrypted disk, making more is very easy.
To install KOH on your hard disk, the first thing you must do
is install it on a floppy disk. Use the instructions above to
do that before proceeding with installation on your hard
disk.
Backing Up
----------
Once you have made a bootable floppy disk with KOH on it,
then you are ready to install it on your hard disk.
BEFORE YOU INSTALL ON YOUR HARD DISK, YOU MUST BACK UP YOUR
COMPUTER!!!
If, rather than booting up, you get an error to the effect of
"Non-system disk" then you may have entered the wrong
pass phrase, so press Ctrl-Alt-Delete and try again.
When KOH loads from the hard drive, it will ask if you want to
encrypt your data now. Again, it's probably a good idea to
test your disk out and answer this question "N" for no. Your
computer should then proceed to boot and operate normally.
After you press ESC, you will be asked for two pass phrases.
One is for the hard disk and one is for your floppy disks.
After you have entered both pass phrases, KOH will proceed to
encrypt your hard disk. This is where you have to just kick
back and wait, as the process can take anywhere from 20
minutes to several hours, depending on how big your hard disk
11
is, and how fast your computer is. Allocate plenty of time to
encrypt, and do not turn the computer off before it finishes
the job and tells you so. If you do, chances are a major
portion of the data on your hard disk will be lost forever!
That's why you want to back up, too. You never know when the
electric company might shut down your computer for you. You
have been warned!!
Note: You can change both the hard disk and floppy disk
pass phrases at a moment's notice by pressing Ctrl-Alt-K,
preferably from the DOS prompt. Then you will be asked to
enter new pass phrases. See Hotkeys for more information.
4. SPEED CONSIDERATIONS
=======================
(2) Upgrade your processor, if you can afford it. The speedup
from the new processor will offset the slowdown from KOH, and
you'll be happier. For example, if you upgrade from a 386SX-
16 to a 486SX-25, you probably won't even notice the
slowdown, and it's not THAT expensive.
If you cannot afford the above solutions and you still can't
live with a slower system, there is one other possibility,
though it is not as secure. You can partition your disk with
a logical drive. For example, if you have an 80 megabyte
drive, create a 20 megabyte partition, and make it your C:
drive, and create a 60 megabyte partition and make it your D:
drive. Now, put all of your programs, and data that is not
sensitive on your D: drive, and put all of your sensitive
data on the C: drive. Then install KOH. KOH will encrypt the
C: drive, but leave the D: drive alone. This means that your
D: drive will be as fast as it was before, and your C: drive
will be slowed down by the encryption routines. All your
programs, etc., will load real fast. The problem here is that
you need to make sure you don't put sensitive data on your D:
drive. Don't ever put it there. Remember that erasing files
doesn't really erase the information. And don't let your
programs create temporary files on your D: drive with
sensitive information in them either. (And that's easier said
than done!!) As I said, this is not really a very good
option, but it can be done.
13
5. IDEA-BASED CRYPTOGRAPHY
==========================
The development team felt the IDEA offered the best security
at present of any known algorithm, for the purposes we have
in mind for KOH, and that includes keeping your private
computer data away from prying government eyes. Since
government has the one-up on everyone else with DES, we felt
IDEA offered a better chance of keeping the playing field
level.
The next point is that you need to watch your floppy disks.
Some people are careful to encrypt some of their data, but
not all of it. Then if they are attacked, the unencryted data
is enough to cause trouble. KOH tries to make encryption as
easy as possible with the auto-migrate feature. It is
recommended that you leave this feature ON at all times,
unless you have a specific task at hand that requires it to
be off. Then turn it off, complete that task, and turn it
back on. That way, everything that touches your computer will
stay encrypted, day in and day out. Make sure you go back to
any old floppies you had before you installed KOH and
encrypt too (just sit down and do directories on them and
they'll get encrypted).
References:
6. HOTKEYS
==========
KOH has three basic hotkeys which you can use to perform
special functions with KOH while it is active in your
computer. These hotkeys are designed to be easy to remember.
They are called up by holding down the Ctrl and Alt keys, and
pressing K, O or H. Let's see what they do:
Ctrl-Alt-K
----------
Changing the floppy disk pass phrase does not change the
pass phrase with which you access a given floppy disk. Once a
floppy has been encrypted using a given pass phrase, it will
always require that pass phrase to be accessed. A new floppy
pass phrase will only take effect on any new floppies you put
in your computer. For example, suppose your floppy pass
phrase is "PHYSICS TEST = 90" and a friend brings a disk over
encrypted with the pass phrase "for MY Friend". You can
change to this floppy pass phrase to read this disk. However,
your usual disks will not be accessible while this pass
phrase is in effect. When you're done with your friend,
you'll want to change back to your original pass phrase so
you can read your own disks again.
tells you that auto-migrate is now on, and the minus tells
you it is off.
If you load KOH from a floppy disk, the change in the status
of auto-migrate is temporary, and effective only as long as
your computer is on. When you reboot, or turn your computer
off and on, KOH will load itself into memory with auto-
migrate on.
If you load KOH from your hard disk, the change in status of
auto-migrate is saved to disk, so that you can turn your
computer off and on again, and if you had auto-migrate off to
start with, it will still be off.
This hotkey un-installs KOH from your hard disk. It will ask
you if you are sure you want to uninstall, and if you answer
"Y", KOH will proceed to uninstall itself. You can uninstall
KOH from a hard drive whether that drive is encrypted or not.
If the drive is encrypted, it may take several hours to
complete the uninstall--as long as it took to install. So
make sure you have enough time to allow KOH to uninstall
itself!
7. SYSTEM BACKUP
================
Now, a lot of people have way too much data to use floppies
to back up, and they use tape drives. KOH will not encrypt
the data on your tape, so you have two options: (1) is to buy
a tape backup program that will encrypt your data. There are
a number on the market that use some form of DES, but none
that I know of which use IDEA. Some use weak forms of DES
too, so beware. The alternative is (2) not to encrypt the
data on your tape. That is, of course, a potential security
hole, unless you hide the tape where no one will ever, ever
find it. Probably getting an air-tight capsule and burying it
somewhere, or keeping it in a safe-deposit box at some
foreign bank would work best. We fully intend to build
modules to allow you to back up to tapes using IDEA, and
working off your KOH key, but these are not available yet.
You can encrypt this master disk with KOH. It will not affect
anything you do if you ever have to restore your hard disk.
Alternatively, you may just want to put the KOH.COM program
on the master disk, and maybe this file as well.
There is one other thing you will want to put on your master
disk. KOH makes your computer system somewhat more
susceptible to damage by computer viruses, because viruses
don't usually know how to handle the encryption routines. For
example, the Stoned virus is fairly benign on most computer
systems. It just displays the message "Your PC is stoned."
now and then. However, if it infects your encrypted computer,
it can totally trash everything in your computer. A small
program VPROTECT has been included with the KOH distribution
package. This creates a special file on your master disk that
is an image of the KOH system areas. You should run it from
your master disk as follows:
VPROTECT
19
VPROTECT /write
Backup to Floppy
----------------
KOH will allow you to backup your hard disk to floppy disks
without compromising security. It can encrypt your backup
floppies just as it encrypts any other floppy. The key to
using KOH effectively in a floppy backup is to use a program
that uses a standard DOS disk format.
Typically, you cannot get a backup file onto the disk without
KOH going there first when auto-migrate is on. Thus, the
process of backing up will be completely transparent, even if
you use disks that have never been encrypted. The one thing
you have to remember is that KOH takes up a small amount of
disk space, so if you have to tell the backup program how big
your diskette is, you should reduce it by about 6 kilobytes.
For example, using ARJ to backup to 1.44 megabyte diskettes
in the B: drive, you would specify
8. HOW DO I . . . ?
===================
If your friend does not have KOH on his computer, you can
still give him an encrypted disk. He will just have to boot
off of it to access it as discussed next . . .
Re-Partition a drive?
---------------------
If you have the Windows 32-bit extensions, you may find that
the disk driver will not load, and suggest that you may have
a virus. Simply ignore this. Our experience is that this
driver has so many problems that you are better off not using
it to begin with, and when it doesn't load, it just allows
the disk to be accessed in the normal way, so you'll never
know it's not there.
SCSI Drives
-----------
The executable files and the KOH.DOC files are freeware and
may be distributed freely. You may order a disk with these
files on them directly from American Eagle Publications. If
you are in a country other than the US, the price is
different, and the software will be sent to you directly from
an overseas affiliate, because we will obey the law here
in the US about not exporting this program. You may also
order a diskette with complete source code on it, if you
prefer. The source IS NOT freeware and MAY NOT be distributed
freely. You must purchase it from American Eagle and you may
not copy it.
Prices
------
Where to Order
--------------
Order from: