How To Create A (Relatively) Secure Disk on the PDP11

A new virtual disk device called VE: exists on the system. It works very much like the old VD: virtual disks (which are still there) but has some protection of access. This is done by terminal number. The idea is that you log into a normal account on the system disk, and prepare to use a premounted virtual disk with your sensitive things on it by entering a password to lock that disk for you. When done, you invalidate access to that disk except for those who have the password. Nobody else can read or write the disk unless they know the password too.

The container files are to be kept in a directory that will go away after bootup, and the initial passwords will be assigned at that time to what you choose by a file that will also go away. You can alter them any time after boot.

The commands used would look like this, assuming VE6: were used. In fact you can pick any VE: unit not in use. DEV VE: will tell you which are mounted.

    >LVE VE6:/PA:abcdef
    >MOU VE6:volnam
    >ASN VE6:=SY:

And at the end of your session give the commands

    >DMO VE6:/DEV
    >LVE VE6:/PA:abcdef/IN

to invalidate the access, or

    >LVE VE6:/LO

to invalidate access without giving the password (useful in a LOGOUT.CMD).

The disks should be left assigned at startup so the directory can be removed, thus preventing people from getting at the same data with a different disk (highly dangerous). The initial passwords should be set up, again at boot, by a command file in this area that also is in a disappearing directory. One could find out from the startup command eventually how the directory names were being clobbered, but by doing a wildcard rename or some such thing it could be made fairly hard to locate.

The new utilities are as follows:

AVE VEn:=file/sw
    /sw may be
    /CR:nnnnn     create disk of nnnnn blocks
    /RO           read only access
    Defaults to using file.dsk already there.

DVE VEn:
    Deassigns virtual disk from file

LVE VEn:/sw
    /sw may be
    /PA:nnnnnn    nnnnnn is octal password, must be given to use.
                  Password at start is 0 right after AVE.
    /NE:mmmmmm    mmmmmm is new password (also octal).
                  Replaces old one if old one was right.
    /UN           Unlocks disk, allows access by anyone.
    /IN           Invalidates access to disk by anyone.
    /LO           Invalidates access to disk without requiring password

Glenn Everhart 7/19/82

Note added 10-Aug-82: GCE

Another feature in LVE is the new /CR:kkkkkk switch. This switch allows LVE to encrypt or decrypt the home block of the virtual disk using the key kkkkkk, a 16 bit octal number. If the home block is encrypted, the disk is unmountable until it is decrypted. The algorithm is not very secure, but this restriction added to the ones implemented at driver level makes it difficult to access the disk, even if the container file should become visible to the world. (It is a good idea to rename directory files with the containers in them so that this will not happen often if at all, and rename back at boot long enough to do AVEs to assign virtual disks to the files, then rename back.) This feature will allow the command files to be hidden on a disk whose container is still visible if desired. One cannot automate the process without making it somewhat vulnerable, but one can obscure it.

Unlike access passwords, the disk encryptions survive reboot and not even your system manager need know the keys. A stronger algorithm may be substituted if desired, but the insecurity of the XOR algorithm makes it possible, though difficult, to recover from forgetting the key.

Glenn Everhart 8/10/82
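
Added example (not part of the original note and not LVE's own code): why a forgotten /CR key can be recovered. The note gives no detail of the scheme, so this assumes every 16 bit word of the 512 byte home block is XORed with the key and that the block is mostly zero fill; the sample block, label and key are constructed.

```python
import struct
from collections import Counter

BLOCK_SIZE = 512  # one disk block = 256 sixteen-bit words


def xor_block(block: bytes, key: int) -> bytes:
    """XOR each little-endian 16-bit word with key (assumed scheme).

    XOR is its own inverse, so the same call encrypts and decrypts.
    """
    if len(block) % 2 or not 0 <= key <= 0o177777:
        raise ValueError("need an even-length block and a 16-bit key")
    words = struct.unpack(f"<{len(block) // 2}H", block)
    return struct.pack(f"<{len(words)}H", *(w ^ key for w in words))


def recover_key(cipher: bytes) -> int:
    """Recover the key from an encrypted block alone.

    A zero plaintext word encrypts to the key itself (0 ^ key == key),
    so in a mostly zero-filled block the commonest ciphertext word is
    the key. Refuse to guess when no word clearly dominates.
    """
    words = struct.unpack(f"<{len(cipher) // 2}H", cipher)
    word, count = Counter(words).most_common(1)[0]
    if count < len(words) // 4:
        raise ValueError("no dominant word; block is not mostly zero fill")
    return word


def sample_home_block() -> bytes:
    """Constructed stand-in for a home block, not the real on-disk layout."""
    block = bytearray(BLOCK_SIZE)
    block[0:2] = struct.pack("<H", 0o1000)  # constructed non-zero field
    block[14:26] = b"SECRETDISK  "          # constructed volume label
    return bytes(block)


KEY = 0o123456  # constructed key, written in octal as /CR:kkkkkk takes it

if __name__ == "__main__":
    cipher = xor_block(sample_home_block(), KEY)
    guess = recover_key(cipher)
    print(f"recovered key: {guess:o} (octal)")
    print("label after decrypt:", xor_block(cipher, guess)[14:26])
```

Even without the zero-fill shortcut, a 16 bit key leaves only 65536 candidates to try, which is why the note treats /CR as obscurity layered on the driver-level checks and not as protection on its own.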