Fellow Cypherpunks,

   KOH is a virus that is also a disk encryptor.


   Bill Stewart writes that my reference is dangerous and unreliable.
Hey Bill, I'm a good guy, I've just fallen in with bad associates:-)
KOH does not presently infect without permission. "...KOH is very
polite and always asks the user if he wants it to migrate to the hard disk." 
However, this is easy to change.

   KOH comes with source code and includes the IDEA algorithm. It is
written in 16 bit assembler. It has a very compact and fast IDEA
algorithm that makes up the file KOHIDEA.ASM. The crypt freaks might
be interested in obtaining this file. Also they may be interested in
the random number generator file: RAND.ASM.

   KOH is made up of several files: KOHIDEA.ASM, KOH.ASM (the main
file), FATMAN.ASM, PASS.ASM, and RAND.ASM. It is suggested that the
TASM assembler be used to assemble it.

From the book: The GIANT BLACK BOOK of COMPUTER VIRUSES:
by Dr. Mark Ludwig
http://www.logoplex.com/resources/ameagle

                     QUOTE

   KOH is a boot sector virus which will encrypt a partition on the
hard disk as well as all the floppy disks used on the computer where
it resides.

   "KOH" is a multi-sector boot sector virus that makes no attempt to
hide itself with stealth techniques. (It could use a little more
work - GLJ).

   Because KOH has been available as freeware for some time, users have 
provided lots of feedback regarding its compatibility with
various systems and software. That's a big deal with systems level
software. As a result, KOH is probably one of the most compatible
viruses ever developed. Most just don't get that kind of critical
testing from users.

Why a Virus?
   Encrypting disks is, of course, something useful that many people
would like to do. The obvious question is, why should a computer
virus be a preferable way to accomplish this task? Why not just
conventional software?

   There are two levels at which this question should be asked:
1. What does virus technology have to contribute to encryption and
2. What does self-reproduction accomplish in carrying out such a
task? Let's answer these questions:

1. VIRUS TECHNOLOGY

   If one wants to encrypt a WHOLE disk, including the root directory,
the FAT tables, and all the data, a boot sector would be an
ideal approach. It can load before even the operating system boot
sector (or master boot sector) gets a chance to load. No software
that works at the direction of the operating system and, say, a
device driver, at least the root directory and the FAT must be left
unencrypted, as well as operating system files and the encrypting
device driver itself. Leaving these areas unencrypted is a potential
security hole which could be used to compromise data on the computer.

   By using technology originally developed for boot sector viruses
(e.g. the ability to go resident before DOS loads), the encryption
mechanism lives beneath the operating system itself and is completely
transparent to this operating system. All of every sector is
encrypted without question in an efficient manner. If one's software
doesn't do that, it can be very hard to determine what the security
holes even are.

2. SELF-REPRODUCTION

   The KOH program also acts like a virus in that, if you choose, it
will automatically encrypt and migrate to every floppy disk you put
in your computer to access. This feature provides an important
housekeeping function to keep your environment totally secure. You never
need to worry about whether or not a particular disk is encrypted.
If you've ever accessed it at all, it will be. Just by normally
using your computer, everything will be encrypted.

   Furthermore, if you ever have to transport a floppy disk to
another computer, you don't have to worry about taking the program to
decrypt with you. Since KOH is a virus, it puts itself on every disk,
taking up a small amount of space. So it will be there when you need it.

   This auto-encryption mechanism is more important than many people
realize in maintaining a secure system. Floppy disks can be a major
source of security leaks, for a number of reasons: (1) Dishonest
employees can use floppy disks to take valuable data home or sell it
to competitors, (2) the DOS file buffer system can allow unwanted
data to be written to a disk at the end of a file and (3) the physical
nature of a floppy disk makes it possible to read data even if you
erase it.

...
If America becomes more tyrannical, crypto systems such as KOH could
become illegal. As I write, there is a bill in Congress to outlaw
anything without a government-approved back-door. What if a more
assertive version of KOH then appeared? Imagine if, instead of asking
if you wanted it on your hard disk, it just went there, perhaps read
the FAT into RAM and trashed it on disk, and then demanded a pass
phrase to encrypt with and only restored the FAT after successful
installation. This exercise is just food for thought. Don't make
such a modification unless circumstances really warrant it! Just consider 
what the legal implications might be. Would the government excuse an 
infection? Or would they use it as an excuse to put a new computer in their 
office, or some revenue in their coffers? What do you think?

                    UNQUOTE

   KOH comes with several options including uninstall, change pass
phrase, and a floppy disk migration toggle (you want to encrypt
floppies automatically or not).

   I have not tested KOH myself but it looks quite nice. Also,
Ludwig's idea of forced hard disk encryption with a passphrase looks
like it could have a number of variations that Cypherpunks might want
to consider.

Yours Truly,
Gary Jeffers

BEAT STATE!!!
& HOW ABOUT BIG BUSINESS TOO!!!
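
Added example, not part of the original post or of KOH: the quoted passage says an encryptor running under the operating system must leave at least the FAT and root directory unencrypted. The sketch below reads a FAT12/16 BIOS Parameter Block and reports which sectors those are; the sample boot sector is constructed (standard 1.44 MB floppy values) and all function names are hypothetical.

```python
import struct

def fat_regions(boot_sector: bytes) -> dict:
    """Return half-open sector ranges for each region of a FAT12/16 volume."""
    if len(boot_sector) < 512 or boot_sector[510:512] != b"\x55\xaa":
        raise ValueError("not a boot sector (missing 0x55AA signature)")
    # BIOS Parameter Block fields, little-endian, starting at byte offset 11.
    (bps, _spc, reserved, nfats, root_entries,
     total, _media, spf) = struct.unpack_from("<HBHBHHBH", boot_sector, 11)
    if bps == 0 or nfats == 0 or total == 0:
        raise ValueError("implausible BPB")
    root_sectors = (root_entries * 32 + bps - 1) // bps  # 32-byte dir entries
    fat_start = reserved
    root_start = fat_start + nfats * spf
    data_start = root_start + root_sectors
    return {
        "boot/reserved": (0, fat_start),
        "FAT copies": (fat_start, root_start),
        "root directory": (root_start, data_start),
        "file data": (data_start, total),
    }

def plaintext_sectors(regions: dict) -> int:
    """Lower bound on sectors left readable when only file data is encrypted."""
    return sum(end - start for name, (start, end) in regions.items()
               if name != "file data")

def sample_floppy_boot_sector() -> bytes:
    """Constructed sample: BPB of a standard 1.44 MB floppy."""
    bs = bytearray(512)
    struct.pack_into("<HBHBHHBH", bs, 11, 512, 1, 1, 2, 224, 2880, 0xF0, 9)
    bs[510:512] = b"\x55\xaa"
    return bytes(bs)

if __name__ == "__main__":
    regions = fat_regions(sample_floppy_boot_sector())
    for name, (start, end) in regions.items():
        print(f"{name:15} sectors {start:4}-{end - 1:4}")
    print("plaintext under a driver-level encryptor:", plaintext_sectors(regions))
```

The count is a lower bound: operating system files and the driver itself sit in the data area and would also stay readable, as the quoted passage notes.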