	How To Create A (Relatively) Secure Disk on the PDP11

	A new virtual disk device called VE: exists on the system.
It works much like the old VD: virtual disks (which are still there)
but adds some access protection, enforced by terminal number.
	The idea is that you log into a normal account on the system
disk, and prepare to use a premounted virtual disk with your sensitive
things on it by entering a password to lock that disk for you. When
done, you invalidate access to that disk except for those who have
the password. Nobody else can read or write it unless they also know
the password.
	The container files are to be kept in a directory that will
go away after bootup. The initial passwords will be assigned at that
time, to values you choose, by a file that will also go away.
You can alter them any time after boot.

	The commands used would look like this, assuming VE6:
is used. In fact you can pick any VE: unit not in use. DEV VE: will
tell you which are mounted.

	>LVE VE6:/PA:abcdef
	>MOU VE6:volnam
	>ASN VE6:=SY:

	And at the end of your session give the commands
	>DMO VE6:/DEV
	>LVE VE6:/PA:abcdef/IN
		to invalidate the access.
	or
	>LVE VE6:/LO
		to invalidate access without giving the password
			(useful in a LOGOUT.CMD).

	The disks should be left assigned at startup so the directory
can be removed, thus preventing people from getting at the same data
with a different disk (highly dangerous). The initial passwords
should be set up, again at boot, by a command file in this area
that is also in a disappearing directory. One could eventually find
out from the startup command how the directory names were being
clobbered, but by doing a wildcard rename or some such thing it
could be made fairly hard to locate.

	The new utilities are as follows:

	AVE VEn:=file/sw
		/sw may be
			/CR:nnnnn  create disk of nnnnn blocks
			/RO        read only access
	defaults to using file.dsk already there.

	DVE VEn:		   Deassigns virtual disk from file

	LVE VEn:/sw
		/sw may be

		/PA:nnnnnn	nnnnnn is octal password, must be given
				to use. Password at start is 0 right
				after AVE.
		/NE:mmmmmm 	mmmmmm is new password (also octal). Replaces
				old one if old one was right
		/UN		Unlocks disk, allows access by anyone.
		/IN		Invalidates access to disk by anyone.
		/LO		Invalidates access to disk without requiring password


	Glenn Everhart
	7/19/82

	Note added 10-Aug-82: GCE

	Another feature in LVE is the new /CR:kkkkkk switch.
	This switch allows LVE to encrypt or decrypt the home block of
the virtual disk using the key kkkkkk, a 16-bit octal number. If the
home block is encrypted, the disk is unmountable until it is decrypted.
The algorithm is not very secure, but this restriction added to the ones
implemented at driver level makes it difficult to access the disk, even if
the container file should become visible to the world. (It is a good idea
to rename directory files with the containers in them so that this will
not happen often if at all, and rename back at boot long enough to do
AVEs to assign virtual disks to the files, then rename them away again.)
This feature will allow the command files to be hidden on a disk whose
container is still visible if desired. One cannot automate the process
without making it somewhat vulnerable, but one can obscure it. Unlike
access passwords, the disk encryptions survive reboot and not even your
system manager need know the keys.
	A stronger algorithm may be substituted if desired, but the
insecurity of the XOR algorithm makes it possible, though difficult,
to recover from forgetting the key.
	Glenn Everhart
	8/10/82
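
	An added example (not part of the original note, and not LVE's
own code) showing why a 16-bit XOR key is "not very secure" and why a
forgotten key can be recovered. It assumes the key is XORed into every
16-bit word of the 512-byte block, which the note does not specify; the
block layout, checksum rule and function names are constructed for
illustration.

```python
import struct
from collections import Counter

WORDS = 256                      # one 512-byte block = 256 16-bit words
FMT = "<%dH" % WORDS             # PDP-11 words are little-endian

def xor_block(block: bytes, key: int) -> bytes:
    """Assumed scheme: XOR every word with the 16-bit key (self-inverse)."""
    return struct.pack(FMT, *(w ^ key for w in struct.unpack(FMT, block)))

def checksum_ok(block: bytes) -> bool:
    """Constructed validity rule: last word = 16-bit sum of the other 255."""
    words = struct.unpack(FMT, block)
    return sum(words[:-1]) & 0xFFFF == words[-1]

def make_sample_block() -> bytes:
    """Constructed stand-in for a home block: mostly zero, a label, a checksum."""
    words = [0] * WORDS
    words[6] = 0o401                                     # made-up version word
    words[7:13] = struct.unpack("<6H", b"SECRETVOL   ")  # made-up volume label
    words[-1] = sum(words[:-1]) & 0xFFFF
    return struct.pack(FMT, *words)

def recover_key(cipher: bytes):
    """Recover a forgotten key: a zero plaintext word encrypts to the key
    itself, so the most frequent ciphertext words are the candidates."""
    counts = Counter(struct.unpack(FMT, cipher))
    for candidate, _ in counts.most_common(4):
        # Accept a candidate only if decrypting with it yields a valid block.
        if checksum_ok(xor_block(cipher, candidate)):
            return candidate
    return None

if __name__ == "__main__":
    key = 0o123456                                       # sample octal key
    cipher = xor_block(make_sample_block(), key)
    print("block valid while encrypted:", checksum_ok(cipher))
    print("recovered key (octal): %o" % recover_key(cipher))
```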
