PPDD: ENCRYPTED DISC DEVICE DRIVER PPDD is a device driver for Linux. It allows you to create a device which looks like a disc partition. You can then create an ext2, ext3 or reiserfs filesystem or even a swap partition on this device. The data is in reality written to and read from a real disc - either a partition or a file on a normal filesystem. Everything on the disc is encrypted. The encryption algorithm is blowfish. In the 1.2 version of PPDD, which works with the 2.0 and 2.2 series of Linux kernels, the device driver is specific to PPDD. In the later versions which work with the 2.4 series of Linux kernels PPDD makes use of the loop device driver. This should make PPDD less dependent on particular kernel revisions. Clearly more than just a device driver is involved in this and a lot of effort has gone into making the overall system secure and foolproof. The 2.0 versions is a beta releases - that means that there is a risk that undiscovered bugs would erase all your data or that security holes are a real possibility. The 1.2 version has proved to be very stable and there have been no reported security problems. I am very happy using both 1.2 and 2.0 for real - unfortunately for legal reasons I cannot guarantee them in any way. The usual limitiations on liability still apply. Version 1.2 works only on Intel-86 - mainly because the encryption engine is in assembler to ensure optimal performance. The 2.0 version of PPDD replaces the assembler routine with a C version. Performance issues are not an issue now compared to 3 or 4 years ago and there is no reason why PPDD will not work on other hardware platforms. It has not been tested other than on I-86. If anyone wants to try it on other hardware please e-mail me. Both versions are fully compatible - i.e. the format on disc is exactly the same. Version 2.0 can handle very large discs (38Gb is the most we've tested) and these may not work if you switch back to version 1.2. Similarly version 1.2 works with ext2 and a 1024 block size - if you create another type of file system or an ext2 filesystem using 4096 byte blocks then you can't move back to version 1.2. Version 2.0 works with ext2, ext3 and reiserfs. The real data file can be held on a software raid device and the loop device can be used with a real data file on a ppdd device. In fact every combination that has been tried worked well. Version 1.2 on the other hand is not recommended for use in this way. One of the design objectives was to make it possible for an average user to install and use ppdd. The new revision includes extensive documentation including "man" pages. The make macros check the environment more extensively and if you follow the instructions success is almost certain. Both revisions include the ability to encrypt the root filesystem and swap files so that the chances of accidentally leaving secret material on disc are very small indeed. At the current stage of development this feature requires a reasonable knowledge of Linux - particularly the boot process - on the part of the sysadmin who implements it. If you have any queries, comments or problems, or if you just want to keep up-to-date on the latest news then please subscribe. All you need to do is to send a message to this mail address ppdd-request@linux01.gwdg.de with the single word "subscribe" (without the quotation marks) in the body of the message. The ppdd homepage is located at: http://linux01.gwdg.de/~alatham/ppdd.html