P O T A S S I U M   H Y D R O X I D E

(KOH)

Disk Encryption System

Written by "The King of Hearts"

The executable program KOH.COM and this document file KOH.DOC may be distributed for free. Please spread them all over the known universe!

Complete source, or an original distribution disk is available from:

    American Eagle Publications, Inc.
    P.O. Box 41401
    Tucson, AZ 85717

See the order form at the end of this document.

(C) 1993 American Eagle Publications, Inc.

---------------------------------

* This software was developed in MEXICO *

WARNING: Certain entities who claim civil authority in the United States consider this to be an export-controlled item due to the strong cryptography implemented therein. We do not intend to defy them though their claims to said authority are somewhat dubious in view of their disdain for the constitution. This matter you must consider for yourself.

-------------------------------

INDEX
=====

CHAPTER

1. Warning
2. How KOH Works
3. Installation
     Floppy Disk Installation
     Hard Disk Installation
4. Speed Considerations
5. IDEA-Based Cryptography
6. Hotkeys
7. System Backup
8. How do I . . . ?
9. If you have problems
10. Order Information

1. WARNING
==========

This disk encryption system employs a state-of-the-art encryption algorithm called IDEA in conjunction with a sophisticated low-level disk intercept to secure your IBM compatible personal computer system from intrusion.

PLEASE READ THESE INSTRUCTIONS COMPLETELY BEFORE INSTALLING THIS PROGRAM ON YOUR COMPUTER SYSTEM. If you do not, you could render all of the data in your system PERMANENTLY INACCESSIBLE WITHOUT REMEDY!

Secondly, improper installation could leave your computer system vulnerable to crypto-analytic attack. Although KOH uses a very good cryptographic algorithm, YOU have a part to play in making sure you are secure. This manual will tell you how.

In short, take your time, read the manual, and do it right and you'll be glad you did!

2. HOW KOH WORKS
================

Potassium Hydroxide is an on-the-fly disk encryption program. When you install it, it will encrypt your hard disk (and floppies) so that all of the information on it will look like gibberish without the corresponding decryption in place, and the proper password entered when you start the computer.

KOH hides itself in a small space on your hard disk that is normally never used, and it is the very first thing loaded from disk when you turn your computer on. It installs itself in your computer's memory, and then asks you for a pass phrase. If you enter the wrong thing, your disk still looks like gibberish.

Once KOH is installed in memory, it monitors all attempts to access the disks in your system. Everything that is written to disk is encrypted by KOH, and everything read from disk into memory is decrypted. Nothing is ever stored to disk in an unencrypted form as long as KOH is in the system. Thus, if you are in a situation where you have a security problem, all you have to do is turn your computer off, or hit the reset button, and everything is instantly locked out of the reach of anyone who doesn't know your pass phrase.

Functionally, KOH works in a manner similar to a computer virus. It uses "stealth" technology developed by computer virus writers to hide itself in your computer system's memory and on its disks. Likewise, it uses technology first developed by virus writers to help you keep all of your work encrypted without having to remember to do all the housekeeping yourself. KOH differs from a virus in that it is friendly. It doesn't just come along and do something nasty whether you want it to or not. You remain in control, and KOH does an important job for you!

This virus technology actually makes KOH a much more effective program than some other commercial programs. For example, some programs implement encryption using a device driver.
This, however, makes it impossible to encrypt the boot-up code, and part of the directory structure. Others force you to set up a separate partition on your hard disk, etc., etc. By hiding like a virus, KOH allows you to encrypt EVERYTHING.

3. INSTALLATION
===============

IMPORTANT: Read this section through once from start to finish and then go through it again, step by step, while doing what it says.

A. Floppy Disk Installation
---------------------------

There are two ways to put an active copy of KOH on a floppy disk. The first way we will discuss is to use the KOH.COM program, provided with this DOC file. To create a disk encrypted with KOH, you should first create a bootable floppy of the type used in your A: drive. To do this, use the command

    FORMAT A: /S /U

to format the disk in drive A: and put the system files on it, so that it can be booted. The /U calls for an unconditional format, which just wipes out any pre-existing data on that disk. Once you've done this, simply run the KOH program as

    KOH A:

When you run KOH, you will be prompted for a pass phrase for that floppy disk. You should always pick a good pass phrase. A bad one will seriously compromise security in your system. If somebody (or somebody's computer) can guess your password, then you're wide open. See the discussion of pass phrases below, IDEA-Based Cryptography.

After you enter a pass phrase, KOH will proceed to encrypt this disk and install itself. The process takes a minute or two. When complete, KOH will inform you that it is done, and you will find yourself back at the prompt. If you attempt to do a directory of that floppy now, it will look like pure gibberish.

Now, if you have a floppy-only computer system, or if you don't want KOH on the hard disk, you can boot from your newly created floppy disk. KOH will load itself into memory and ask you for a pass phrase. Enter the pass phrase, and your disk will proceed to boot.
If you do a directory on it, you'll see everything there just like you would expect, with no gibberish. KOH is resident in memory, decrypting the information on that disk as it is loaded into your computer's memory. You can turn your computer off at any time, and your disk will be completely safe from prying eyes.

When KOH is resident in memory (loaded by booting off a disk on which it is installed), you can encrypt new disks with no trouble at all. All you have to do is do a directory on a disk, and KOH will automatically encrypt it with the same password you entered when you started up, and put the decryption routines on it. For example, if you put a diskette in your B: drive and type

    DIR B:

you won't get the directory immediately, like you usually do. KOH will sense an unencrypted disk in that drive, and encrypt it before anything else happens. When KOH is done encrypting, you'll get the directory display just like you usually do, but now that disk is encrypted. Thus, once you have your first encrypted disk, making more is very easy.

If you need to access a diskette WITHOUT automatically encrypting it (perhaps you are copying a few files from a friend, and you want to give his disk back), you can easily turn the auto-migrate feature off by using the hot-key Ctrl-Alt-O (letter o). When you press this three-key combination (just like you use Ctrl-Alt-Del to reboot), your computer will beep and a minus sign "-" will be displayed on the screen to tell you that auto-migrate is off. Then you can access floppy disks, and KOH will not attempt to encrypt them. To turn the auto-migrate feature back on, press Ctrl-Alt-O again. Your computer will beep and a plus sign "+" will be displayed to indicate that auto-migrate is on. You can read more about this feature in the section on Hotkeys.

B. Hard Disk Installation
-------------------------

To install KOH on your hard disk, the first thing you must do is install it on a floppy disk.
Use the instructions above to do that before proceeding with installation on your hard disk.

Backing Up
----------

Once you have made a bootable floppy disk with KOH on it, then you are ready to install it on your hard disk. BEFORE YOU INSTALL ON YOUR HARD DISK, YOU MUST BACK UP YOUR COMPUTER!!! Encrypting your disk is a sensitive process. If the power were to fail, or if something went wrong half-way through the process, you could conceivably lose everything you have stored on your computer. Thus, before you proceed, you must back up your computer. DO IT NOW. Don't take the chance that everything will go fine, because you just never can tell.

However, obviously, if you make a backup of your computer now, that backup won't be encrypted. This is a potential security breach. There are a couple ways to deal with it, depending on how your computer is configured. I'm going to assume you haven't been backing up your data regularly, because most people don't. So first a few instructions on making a proper backup when using KOH.

The only way to back up your computer and allow KOH to encrypt the backup for you is to back up onto floppy disks using a program that does not use a non-standard disk format. The standard DOS BACKUP utility works fine, as do compression programs like PKZIP and ARJ, which allow for multi-volume processing. Get a bunch of floppies, and back up now, before anything is encrypted. You can encrypt this backup later, if you want to. For more information about backing up with KOH in your computer, see the section System Backup in this manual.

Putting KOH on your Hard Disk
-----------------------------

Once backup is complete, you are ready to move KOH to your hard disk. To install KOH, first put the floppy which has KOH on it in the A: drive and reboot your computer. The computer will access the A: drive first, and load KOH into memory. At this point, KOH will ask you:

    KOH-Migrate to hard drive on this computer (please backup)?
At first, answer "N" for no. This is a preliminary test. First you want to see if your KOH-ed floppy will work. Then you will be asked for a pass phrase. Enter the pass phrase you chose for the disk when you made it. Next, the disk should boot, and you should have an A: prompt. You should be able to do a directory of the hard disk, etc., without problems. If, rather than booting up, you get an error to the effect of "Non-system disk" then you may have entered the wrong pass phrase, so press Ctrl-Alt-Delete and try again.

After successfully booting your floppy under KOH, you can do a directory of it, and you will see everything that was on it just like it was before you encrypted.

Now we're ready to install on the hard disk. Press Ctrl-Alt-Delete and allow the computer to boot from the floppy again. Now, when it asks you about migrating to the hard drive, answer "Y" for yes. Again, you will be asked for a password. You don't really need to enter it, because once it's asked, KOH is already on your hard disk. So you can just press Ctrl-Alt-Delete again, and take the floppy out of the A: drive so your system will boot from the hard disk.

When KOH loads from the hard drive, it will ask if you want to encrypt your data now. Again, it's probably a good idea to test your disk out and answer this question "N" for no. Your computer should then proceed to boot and operate normally.

The Secret Key
--------------

After you've seen that your computer is still working, it is time to encrypt. Press Ctrl-Alt-Delete once more, and when you're asked if you want to encrypt, answer "Y" for yes. KOH will then ask you to start pressing keys. This is a critical part of generating a good encryption key, and it's important not to slacken up here and try to rush the process. You'll have to press about 128 keys to get through this part. To do it right will take a few minutes. CHOOSE KEYS ON YOUR KEYBOARD COMPLETELY AT RANDOM AND PRESS THEM SLOWLY. Use all of the keys on your keyboard too.
If you try to rush this, you're only compromising the security of the random key which is being generated, and it is your own loss.

Once the computer has enough keystrokes, it will beep and ask you to press the ESC key to continue. After you press ESC, you will be asked for two pass phrases. One is for the hard disk and one is for your floppy disks.

The Hard Disk Pass Phrase
-------------------------

Choose a hard disk pass phrase carefully. It needs to be something that cannot be easily guessed, yet something you can remember, and it can be any combination of keystrokes up to 128 characters. This pass phrase is what you will enter into the computer every time you turn it on from now on. See IDEA-Based Cryptography for more information on picking a good pass phrase.

The Floppy Disk Pass Phrase
---------------------------

The pass phrase for the floppy disk will be completely invisible after you enter it. It is stored (encrypted) on your hard disk in a special area, and you will not normally need to enter it. However, since you are liable not to use it for long periods of time, make sure it is something you will remember--or save it somewhere on your *encrypted* hard disk. You will need it if you boot off of an encrypted floppy, or wish to access that floppy from another machine.

After you have entered both pass phrases, KOH will proceed to encrypt your hard disk. This is where you have to just kick back and wait, as the process can take anywhere from 20 minutes to several hours, depending on how big your hard disk is, and how fast your computer is. Allocate plenty of time to encrypt, and do not turn the computer off before it finishes the job and tells you so. If you do, chances are a major portion of the data on your hard disk will be lost forever! That's why you want to back up, too. You never know when the electric company might shut down your computer for you. You have been warned!!

Note: You can change both the hard disk and floppy disk pass phrases at a moment's notice by pressing Ctrl-Alt-K, preferably from the DOS prompt. Then you will be asked to enter new pass phrases. See Hotkeys for more information.

Note that KOH only encrypts the presently-active partition on your physical hard disk. Thus, if you have your computer set up with two logical drives, C: and D:, only the C: drive will be encrypted. The D: drive will not get encrypted. If you want everything encrypted, then you must set your hard disk up with a single partition if it is not already. (Use the FDISK program, supplied with DOS, to determine how many partitions you have if you do not know.)

At this point KOH is completely installed on your hard disk. The next time you start your computer, you will be prompted for a pass phrase. Enter it right, and your computer will start right up. Enter it wrong, and you cannot get in!

NOTE: If you are installing on a SCSI drive, read the section in "What To Do If You Have Problems" concerning SCSI's before you install. That will help you to avoid surprises with SCSI's, which can be a bit more complex than ordinary drives.

4. SPEED CONSIDERATIONS
=======================

KOH requires a considerable amount of overhead to do encryption and decryption on the fly. You are bound to notice a slow-down in disk accesses after you install KOH. That is always something that's hard to get used to. These are the breaks of using on the fly encryption, and the better your encryption algorithm, the more overhead it takes. To minimize the impact of the slowdown, I recommend two things:

(1) Install a disk cache in memory--as big as you can afford. A caching controller will not do the job, because that cache lives on the other side of KOH. You need just an ordinary cache that resides in system memory, preferably one that caches reads and writes. (The standard MS-DOS cache works just fine.)
This will keep data cached in an unencrypted state so that accessing it does not require calling IDEA. You may want to install some more memory so you can make your disk cache bigger.

(2) Upgrade your processor, if you can afford it. The speedup from the new processor will offset the slowdown from KOH, and you'll be happier. For example, if you upgrade from a 386SX-16 to a 486SX-25, you probably won't even notice the slowdown, and it's not THAT expensive.

If you cannot afford the above solutions and you still can't live with a slower system, there is one other possibility, though it is not as secure. You can partition your disk with a logical drive. For example, if you have an 80 megabyte drive, create a 20 megabyte partition, and make it your C: drive, and create a 60 megabyte partition and make it your D: drive. Now, put all of your programs, and data that is not sensitive on your D: drive, and put all of your sensitive data on the C: drive. Then install KOH. KOH will encrypt the C: drive, but leave the D: drive alone. This means that your D: drive will be as fast as it was before, and your C: drive will be slowed down by the encryption routines. All your programs, etc., will load real fast.

The problem here is that you need to make sure you don't put sensitive data on your D: drive. Don't ever put it there. Remember that erasing files doesn't really erase the information. And don't let your programs create temporary files on your D: drive with sensitive information in them either. (And that's easier said than done!!) As I said, this is not really a very good option, but it can be done.

5. IDEA-BASED CRYPTOGRAPHY
==========================

IDEA stands for International Data Encryption Algorithm. It was developed in the 1980's in Europe as an alternative to the US government developed DES (Data Encryption Standard) algorithm. Most good commercial encryption programs use DES at present.
DES has been proven to be a pretty good algorithm by the academic crypto community; however, quite a few people are suspicious about it because it was developed by the US government and the National Security Agency. Although perhaps quite suitable for civilian use 99.99% of the time, there is always that lurking suspicion that the NSA knows how to crack it. Additionally, DES uses a 56 bit key (7 byte). As computers become more and more powerful, it is possible that a brute-force attack against DES could be mounted at a reasonable cost. By a brute-force attack, I mean you just set up a computer to try every possible 7 byte key until you get the right one. That could be only a few years away, as computer technology is improving so rapidly.

IDEA offers an alternative. Developed by the academic community, it does not carry with it the suspicions of an algorithm developed by a super-secret government agency. It has proved to be a good algorithm without inherent weaknesses. However, IDEA is still rather young--much younger than DES. Thus, it is possible that someone could find a weakness and prove it's not so good after all. That has not happened to date, and it's a calculated risk you have to take. Also, IDEA employs a 128 bit key (16 byte). This larger key makes a brute-force attack MUCH more difficult, and removes it from the realm of possibility for a long time to come.

The development team felt IDEA offered the best security at present of any known algorithm, for the purposes we have in mind for KOH, and that includes keeping your private computer data away from prying government eyes. Since government has the one-up on everyone else with DES, we felt IDEA offered a better chance of keeping the playing field level.

The IDEA algorithm can be operated in several modes.
We use the Cipher Block Chaining mode, because this is the most secure, and it makes sure that, even if two blocks of data on your disk contain the same unencrypted data, they'll look completely different when encrypted.

As with all cryptography, even a strong algorithm can be broken easily if you aren't careful about your password. I know hackers who can get into all kinds of computer systems with the greatest of ease, simply because people choose passwords that are easy to guess. The famous Internet Worm had a list of passwords in it--about a hundred words--which are used by at least one user on over 90% of all computer systems. Now just about anybody can sit down and try 100 different words that you're likely to use for a password!

I recommend you don't use a word at all. KOH gives you up to 128 characters for the pass phrase. They can be any combination of (case sensitive) letters, numbers and punctuation. USE THEM. If you just use one word, I can write a computer program in about ten minutes that will test every word in the dictionary against your passphrase. And it can find your "secret" word in about ten minutes. At least use a phrase. Definitely use punctuation. Maybe use unusual capitalization rules. Probably you should include at least one nonsense word. By all means don't quote your favorite book.

Whatever you do, remember that if somebody wants to crack your pass phrase, it's not just some guy sitting there trying to dream up good guesses. It's a guy with a computer that can make a million guesses an hour. Make sure that even if you could make a million guesses an hour, it would take forever to get the right one.

That may sound intimidating, but it's not really. Choosing 5 random words from a dictionary of 100,000 means you have about 10,000,000,000,000,000,000,000,000 possibilities and even at 1,000,000 an hour, the universe will collapse before you get done. Adding an unnecessary exclamation point at the end makes the job all that more difficult.
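
The chaining behaviour described earlier in this chapter, as an added example in Python (not KOH's code, which this manual does not show): IDEA is implemented from its public description and run over a constructed blank sector, once with every block encrypted independently (ECB) and once in Cipher Block Chaining mode. The IVs, the sample sector and all function names are assumptions; how KOH chooses its IV is not stated in this document.

```python
# Added example (not KOH source code). KEY is the key from a widely published
# IDEA test vector; the IVs and the blank sector are constructed sample values.
MASK16 = 0xFFFF
MASK128 = (1 << 128) - 1


def mul(a: int, b: int) -> int:
    """Multiply modulo 65537, where the 16-bit word 0 stands for 65536."""
    return ((a or 0x10000) * (b or 0x10000) % 0x10001) & MASK16


def expand_key(key: bytes) -> list:
    """52 subkeys: read eight 16-bit words, rotate the key left 25 bits, repeat."""
    if len(key) != 16:
        raise ValueError("IDEA takes a 128-bit (16-byte) key")
    k = int.from_bytes(key, "big")
    subkeys = []
    while len(subkeys) < 52:
        subkeys += [(k >> (112 - 16 * i)) & MASK16 for i in range(8)]
        k = ((k << 25) | (k >> 103)) & MASK128
    return subkeys[:52]


def encrypt_block(block: bytes, sk: list) -> bytes:
    """Encrypt one 8-byte block: eight rounds, then the output transformation."""
    x1, x2, x3, x4 = (int.from_bytes(block[i:i + 2], "big") for i in (0, 2, 4, 6))
    for r in range(8):
        k = sk[6 * r:6 * r + 6]
        x1, x2 = mul(x1, k[0]), (x2 + k[1]) & MASK16
        x3, x4 = (x3 + k[2]) & MASK16, mul(x4, k[3])
        t = mul(x1 ^ x3, k[4])
        u = mul(((x2 ^ x4) + t) & MASK16, k[5])
        t = (t + u) & MASK16
        # The two middle words change places at the end of every round.
        x1, x2, x3, x4 = x1 ^ u, x3 ^ u, x2 ^ t, x4 ^ t
    # The output transformation undoes the final swap.
    out = (mul(x1, sk[48]), (x3 + sk[49]) & MASK16,
           (x2 + sk[50]) & MASK16, mul(x4, sk[51]))
    return b"".join(w.to_bytes(2, "big") for w in out)


def split_blocks(data: bytes) -> list:
    if len(data) % 8:
        raise ValueError("data must be a whole number of 8-byte blocks")
    return [data[i:i + 8] for i in range(0, len(data), 8)]


def ecb_encrypt(data: bytes, key: bytes) -> bytes:
    """Each block encrypted on its own: equal plaintext gives equal ciphertext."""
    sk = expand_key(key)
    return b"".join(encrypt_block(b, sk) for b in split_blocks(data))


def cbc_encrypt(data: bytes, key: bytes, iv: bytes) -> bytes:
    """XOR each block with the previous ciphertext block (the IV first)."""
    if len(iv) != 8:
        raise ValueError("the IV is one 8-byte block")
    sk = expand_key(key)
    prev, out = iv, []
    for block in split_blocks(data):
        prev = encrypt_block(bytes(a ^ b for a, b in zip(block, prev)), sk)
        out.append(prev)
    return b"".join(out)


KEY = bytes.fromhex("00010002000300040005000600070008")
IV_A = bytes.fromhex("0123456789abcdef")   # constructed
IV_B = bytes.fromhex("fedcba9876543210")   # constructed
SECTOR = bytes(512)                        # constructed: a blank 512-byte sector


def compare_modes() -> dict:
    ecb = ecb_encrypt(SECTOR, KEY)
    cbc_a = cbc_encrypt(SECTOR, KEY, IV_A)
    cbc_b = cbc_encrypt(SECTOR, KEY, IV_B)
    return {
        "ecb_distinct_blocks": len(set(split_blocks(ecb))),
        "cbc_distinct_blocks": len(set(split_blocks(cbc_a))),
        # Same key, same IV, same plaintext: CBC output repeats exactly.
        "same_iv_repeats": cbc_a == cbc_encrypt(SECTOR, KEY, IV_A),
        "different_iv_repeats": cbc_a == cbc_b,
    }


if __name__ == "__main__":
    for name, value in compare_modes().items():
        print(f"{name}: {value}")
```

ECB turns the 64 identical plaintext blocks of the blank sector into 64 identical ciphertext blocks, while CBC produces 64 different ones. Two equal sectors encrypted under the same key and the same IV still give equal ciphertext, so the property only holds across a disk when the IV differs from sector to sector.
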
You should be getting the point: Give some thought to your pass phrase.

The next point is that you need to watch your floppy disks. Some people are careful to encrypt some of their data, but not all of it. Then if they are attacked, the unencrypted data is enough to cause trouble. KOH tries to make encryption as easy as possible with the auto-migrate feature. It is recommended that you leave this feature ON at all times, unless you have a specific task at hand that requires it to be off. Then turn it off, complete that task, and turn it back on. That way, everything that touches your computer will stay encrypted, day in and day out. Make sure you go back to any old floppies you had before you installed KOH and encrypt them too (just sit down and do directories on them and they'll get encrypted).

Note that the IDEA algorithm is patented by a group in Switzerland. There is no license fee required for non-commercial use. For commercial use, you'll have to contact the patent holder. Since this program is freeware, we don't handle license fees. Contact Dieter Profos, Ascom-Tech AG, Solothurn Lab, Postfach 151, 4502 Solothurn, Switzerland for information.

References:

Xuejia Lai, "On the Design and Security of Block Ciphers", Institute for Signal and Information Processing, ETH-Zentrum, Zurich, Switzerland, 1992.

Xuejia Lai, James Massey, Sean Murphy, "Markov Ciphers and Differential Cryptanalysis", Advances in Cryptology, Eurocrypt 1991.

6. HOTKEYS
==========

KOH has three basic hotkeys which you can use to perform special functions with KOH while it is active in your computer. These hotkeys are designed to be easy to remember. They are called up by holding down the Ctrl and Alt keys, and pressing K, O or H. Let's see what they do:

Ctrl-Alt-K
----------

This hotkey allows you to change your system pass phrases. As you will recall, if you booted from a hard disk, there is a hard disk pass phrase and a floppy disk pass phrase.
If you booted from a floppy disk, there is only a floppy disk pass phrase. KOH will allow you to change whatever pass phrases are appropriate.

Changing the hard disk pass phrase is permanent, and allows you to access that hard disk only by entering the new pass phrase when you start the computer. It takes only a few seconds to change this pass phrase, as KOH does not need to decrypt and encrypt the whole disk to make it effective. You will want to change the hard disk pass phrase any time you believe the security of your old pass phrase has been compromised.

Changing the floppy disk pass phrase does not change the pass phrase with which you access a given floppy disk. Once a floppy has been encrypted using a given pass phrase, it will always require that pass phrase to be accessed. A new floppy pass phrase will only take effect on any new floppies you put in your computer. For example, suppose your floppy pass phrase is "PHYSICS TEST = 90" and a friend brings a disk over encrypted with the pass phrase "for MY Friend". You can change to this floppy pass phrase to read this disk. However, your usual disks will not be accessible while this pass phrase is in effect. When you're done with your friend, you'll want to change back to your original pass phrase so you can read your own disks again.

Ctrl-Alt-O (Remember O = On/Off)
----------

This hotkey turns KOH's auto-migrate feature on and off. Auto-migrate is the feature that causes KOH to automatically encrypt floppy disks that are put in your computer. The hotkey acts as a toggle. If auto-migrate is on, the hotkey turns it off, and vice-versa. To tell you what just happened when you press this key combination, KOH makes your computer beep and displays a "+" or a "-". The plus sign tells you that auto-migrate is now on, and the minus tells you it is off.

If you load KOH from a floppy disk, the change in the status of auto-migrate is temporary, and effective only as long as your computer is on.
When you reboot, or turn your computer off and on, KOH will load itself into memory with auto-migrate on. If you load KOH from your hard disk, the change in status of auto-migrate is saved to disk, so that you can turn your computer off and on again, and if you had auto-migrate off to start with, it will still be off.

Ctrl-Alt-H (Remember H = Hard disk uninstall)
----------

This hotkey un-installs KOH from your hard disk. It will ask you if you are sure you want to uninstall, and if you answer "Y", KOH will proceed to uninstall itself. You can uninstall KOH from a hard drive whether that drive is encrypted or not. If the drive is encrypted, it may take several hours to complete the uninstall--as long as it took to install. So make sure you have enough time to allow KOH to uninstall itself!

When uninstalling, the same considerations apply as when installing. In other words, make sure you back your system up. If you lose power during the uninstall process, you could lose everything on your hard disk.

To uninstall, you must have booted your system with KOH installed on the hard disk. If you can't remember the pass phrase, this will NOT help you out.

You cannot un-install KOH on a floppy disk. If you want to get the encryption off of a floppy, the only way to do it is to copy it all to an unencrypted disk (with auto-migrate off, if KOH is active in your computer).

7. SYSTEM BACKUP
================

Here I want to explain how to do a proper backup when KOH is installed on your hard disk, and keep your data private in the process. I am going to discuss two things: (1) Making a master backup disk, and (2) backing up all of your data to floppy disks.

Now, a lot of people have way too much data to use floppies to back up, and they use tape drives. KOH will not encrypt the data on your tape, so you have two options: (1) is to buy a tape backup program that will encrypt your data.
There are a number on the market that use some form of DES, but none that I know of which use IDEA. Some use weak forms of DES too, so beware. The alternative is (2) not to encrypt the data on your tape. That is, of course, a potential security hole, unless you hide the tape where no one will ever, ever find it. Probably getting an air-tight capsule and burying it somewhere, or keeping it in a safe-deposit box at some foreign bank would work best.

We fully intend to build modules to allow you to back up to tapes using IDEA, and working off your KOH key, but these are not available yet.

The Master Disk
---------------

A master disk is a bootable disk with enough software to get your computer up and running again in the event of a disk crash. At the very least, you should have a bootable disk with FDISK, FORMAT and SYS, as well as the program you need to restore your backup from the backup floppies, or the tape drive.

You can encrypt this master disk with KOH. It will not affect anything you do if you ever have to restore your hard disk. Alternatively, you may just want to put the KOH.COM program on the master disk, and maybe this file as well.

There is one other thing you will want to put on your master disk. KOH makes your computer system somewhat more susceptible to damage by computer viruses, because viruses don't usually know how to handle the encryption routines. For example, the Stoned virus is fairly benign on most computer systems. It just displays the message "Your PC is stoned." now and then. However, if it infects your encrypted computer, it can totally trash everything in your computer.

A small program VPROTECT has been included with the KOH distribution package. This creates a special file on your master disk that is an image of the KOH system areas. You should run it from your master disk as follows:

    VPROTECT

It will create a file VPROTECT.DAT on your master disk.
In the event your computer is attacked by a virus, or the system areas are damaged for any other reason, you should run

    VPROTECT /write

from your master disk to restore the system areas on your hard disk. Once this is done, KOH will have the decryption keys restored and everything necessary to hand over control to DOS. Obviously, if a virus trashes more data on your computer than just this system area, you'll have to deal with that in other ways.

Backup to Floppy
----------------

KOH will allow you to backup your hard disk to floppy disks without compromising security. It can encrypt your backup floppies just as it encrypts any other floppy. The key to using KOH effectively in a floppy backup is to use a program that uses a standard DOS disk format.

A fine way to back up without using an excessive number of disks is using the PKZIP/PKUNZIP programs or the ARJ program. I'll describe this process in case you want to use it. Also, the considerations discussed in using ARJ with KOH will apply to other backup programs as well.

Typically, you cannot get a backup file onto the disk without KOH going there first when auto-migrate is on. Thus, the process of backing up will be completely transparent, even if you use disks that have never been encrypted. The one thing you have to remember is that KOH takes up a small amount of disk space, so if you have to tell the backup program how big your diskette is, you should reduce it by about 6 kilobytes. For example, using ARJ to backup to 1.44 megabyte diskettes in the B: drive, you would specify

    arj a -r -v1430000 b:backup c:\*.*

This tells ARJ to create the archive BACKUP on the B: drive and use a volume size of 1.43 megabytes, and to recurse subdirectories (so your whole disk is backed up). Just execute this and everything will work fine.

One thing to be aware of is that some backup programs will allow you to optionally format the floppy disks as you go through the backup.
Turn this option off, because it will invariably confuse KOH. Format your floppies before you do the backup. Note: You can still use a backup program that uses non- 20 standard disk formats (like some versions of Fastback and PC Tools) with KOH, you just can't encrypt with KOH. To use these kinds of programs without confusing KOH, turn auto- migrate off before backing up using the hotkey Ctrl-Alt-O. 21 8. HOW DO I . . . ? =================== Here I'd just like to answer a few common questions. Format floppy disks? -------------------- Formatting floppy disks is one process that wipes out the boot sector on a disk, obliterates data, and re-organizes the FAT table. Furthermore, there are many different ways this can be done. KOH cannot possibly anticipate all the possible ways this happens. As such, a little more care must be taken when formatting floppy disks when KOH is resident. First of all, if you use DOS 5 or greater, the FORMAT program doesn't always really format. This fake-format is a sure way to confuse KOH--but that is just as well, because it is also a great way to compromise your valuable data. When KOH is installed, it is recommended that you only use a REAL format. For DOS 5 and up, this is accomplished by using the /u switch. For example, to format the disk in A:, type "FORMAT A: /U". If you use something other than the standard DOS format, you should experiment first to see what it does. As a safety, to make sure you get a clean, unformatted disk when formatting, KOH disables encryption to floppy disks as soon as it sees formatting take place. To remind you that encryption was turned off by formatting, every time you access a floppy disk, you will hear a series of beeps. The only way to start encryption back up after a format is to reboot. Share an encrypted disk with a friend? 
--------------------------------------

If your friend has KOH on his computer, you can temporarily change the pass phrase on a floppy disk to an agreed upon phrase, and then give it to him. He can then temporarily change to that password to get at the data. I do not recommend you make your standard floppy pass phrase public. That defeats its purpose.

If your friend does not have KOH on his computer, you can still give him an encrypted disk. He will just have to boot off of it to access it as discussed next . . .

Access data from a machine that doesn't have KOH installed?
-----------------------------------------------------------

Suppose you go somewhere and you have encrypted disks. You want to access them, but the machine you are at doesn't even have KOH installed. How can you get to the data?

Since KOH usually copies itself to disks that it encrypts, you can boot off of those disks to load KOH into memory. If your floppy disk is a boot disk, fine, that is all you need to do. But what if it isn't? You should still boot off of that disk, and tell KOH to migrate to the hard disk. KOH will then ask for a pass phrase. Instead of entering it, just reboot. When you reboot, boot off of the hard disk (don't encrypt it unless you really want to do all that) and enter the pass phrase that your floppy is encrypted with. Now you should be able to access that floppy disk. When you're done, just uninstall KOH using the hotkey Ctrl-Alt-H. The uninstall will only take a second since the hard disk is not encrypted.

Re-Partition a drive?
---------------------

Changing the partition information on a drive is such a drastic change that you should completely uninstall KOH before changing the partitions, and then re-install when you are done.

Install Windows or a disk compression utility?
----------------------------------------------

You can install Windows or a disk compression utility like DOS' own, or Stacker, just as you ordinarily would. KOH is fully compatible with both.
If you have the Windows 32-bit extensions, you may find that the disk driver will not load, and that Windows suggests you may have a virus. Simply ignore this. Our experience is that this driver has so many problems that you are better off not using it to begin with, and when it doesn't load, it just allows the disk to be accessed in the normal way, so you'll never know it's not there.

Install OS/2 (or Unix)?
-----------------------

At present, KOH is not compatible with advanced operating systems which do not go through the system BIOS to access the disk, and it is not compatible with IBM's boot manager. We intend to create drivers to make it work seamlessly with these operating systems eventually. Also, we are going to make a boot manager that will work with KOH available very soon. If you are interested, please contact American Eagle Publications at the address below.

9. IF YOU HAVE PROBLEMS
=======================

There are a number of known problems that you may encounter when you use KOH. Some of these have nothing to do with KOH and can't be fixed at our end. I'll explain what I know about. If you run into a bug that you don't know how to fix, write to American Eagle Publications at the address below.

No Room for KOH
---------------

If you have used non-standard partitioning software, your hard disk may not be able to hold KOH properly in its reserved area. In this event, KOH will tell you there is no room on the hard disk for it, and it will not install itself. To make your disk accept KOH, you must re-partition your drive with the standard DOS FDISK program, and then re-install. Realize that running FDISK will certainly wipe out all the data on your computer, so you'd better have backed up.

Keyboard BIOS Bugs
------------------

Some AMI (and probably other manufacturers') keyboard BIOSes don't seem to work very well in real mode.
Now, typically you never notice this, because you load HIMEM.SYS, or some other memory manager into your computer's memory when you boot, and the processor goes almost immediately into protected mode. Since KOH takes control before any device drivers, it always operates in real mode. Thus this bug could manifest on you now even though you've never seen it before. What you'll experience is a difficulty in entering your pass phrases properly, and there is practically nothing you can do about it. You'll never get through to anyone at the manufacturer who will believe you. Personally, I recommend you replace your keyboard BIOS with a Phoenix chip if you run into this problem. (The keyboard BIOS and the BIOS are NOT the same thing. The keyboard BIOS is implemented in an 8042 chip.)

Some XT hard disks time out loading DOS 6
-----------------------------------------

Anyone who wants to use KOH on an XT based machine CAN do so. There is nothing in the software to prevent it from working. However, it's incredibly SLOOOOOW. You may find out that your operating system will time-out when loading. I know for a fact that MS-DOS 6.2 will time out on some XTs. And I know you can get MS-DOS 3.3 to load properly. I'd really recommend you upgrade your motherboard--it's so inexpensive. But if you must run this on an XT, then you may have to experiment with which version of DOS to run. If it doesn't load, try a different version.

Password Doesn't Seem to Work
-----------------------------

If your password doesn't appear to work the first time you try to use your computer after encrypting, you may have entered it wrong. Remember your password is case sensitive. Could the CAPS LOCK or NUM LOCK key have been active when you originally entered your password? Could you have capitalized a word? Try the different possibilities. If all else fails, start over from scratch.

SCSI Drives
-----------

Some SCSI drives use installable device drivers in addition to the ROM BIOS on the SCSI card.
Sometimes these drivers can cause problems because they are vendor specific and they can manipulate the ROM BIOS in unfriendly ways. Specifically, they may replace it entirely, and bypass the KOH decryption algorithms. Then your disk may look like trash as soon as the driver loads. Alternatively, they may hook it in some funny way, so, for example the hot keys won't work properly when they are installed.

To avoid such problems when installing KOH, it is recommended that you first remove all such drivers (from CONFIG.SYS) and then install KOH with your SCSI drive relying purely on the ROM BIOS. Next, put your drivers back in, one at a time, and make sure KOH is still working.

10. ORDERING INFORMATION
========================

The executable files and the KOH.DOC files are freeware and may be distributed freely. You may order a disk with these files on them directly from American Eagle Publications. If you are in a country other than the US, the price is different, and the software will be sent to you directly from an overseas affiliate, because we will obey the law here in the US about not exporting this program.

You may also order a diskette with complete source code on it, if you prefer. The source IS NOT freeware and MAY NOT be distributed freely. You must purchase it from American Eagle and you may not copy it.

Prices
------

               KOH Distribution Disk     Source Disk
               ---------------------     -----------
     US                 $10                  $20
     Non-US             $20                  $30

Please send check, cash or money order, or your VISA or MC number and expiration date. Overseas customers may send US $ or the equivalent in your currency. All prices are postpaid.

Where to Order
--------------

Order from:

     American Eagle Publications, Inc.
     P.O. Box 41401
     Tucson, AZ 85717
     (602)888-4957