Google Groups
`
`New release of CFS Unix encrypting filesystem available
`
`Matt Blaze
`
`Posted in group: sci.crypt
`
`Mar 17, 1996 3:00 AM
`
`Source code for the latest version (release 1.3.3) of CFS, the Cryptographic
`File System, is now available upon request for research and experimental
`use in the US and Canada. This version works under most BSD-derived Unix
`
`systems and should now run without modification under most current Linux
`releases as well.
`
`It
`CFS pushes encryption services into the Unix(tm) file system.
`supports secure storage at the system level through a standard Unix
`file system interface to encrypted files. Users associate a
`cryptographic key with the directories they wish to protect. Files in
`these directories (as well as their pathname components) are
`transparently encrypted and decrypted with the specified key without
`further user intervention; cleartext is never stored on a disk or sent
`to a remote file server. CFS employs a novel combination of DES
`stream and codebook cipher modes to provide high security with good
`performance on a modern workstation. CFS can use any available file
`system for its underlying storage without modification, including
`remote file servers such as NFS. System management functions, such as
`file backup, work in a normal manner and without knowledge of the key.
`
`CFS runs under SunOS and several other BSD-derived systems with NFS.
`It is implemented entirely at user level, as a local NFS server
`running on the client machine's "loopback" interface.
`It consists of
`about 5000 lines of code and supporting documentation. You must have
`"root" access to install CFS.
`
`CFS was first mentioned at the work-in-progress session at the Winter
`'93 USENIX Conference and was more fully detailed in:
`
`Matt Blaze. "A Cryptographic File System for Unix", Proc. 1st ACM
`Conference on Computer and Communications Security, Fairfax, VA,
`November 1993. (PostScript available by anonymous ftp from
`research.att.com in the file dist/mab/cfs.ps.)
`
`and in
`
`Matt Blaze. "Key Management in an Encrypting File System", Proc.
`Summer '94 USENIX Tech. Conference, Boston, MA, June 1994.
`(PostScript available by anonymous ftp from research.att.com
`in the file dist/mab/cfskey.ps.)
`
`Version 1.3 of CFS also includes ESM, the Encrypting Session Manager.
`ESM provides shell-to-shell encrypted sessions across insecure links
`and requires no 08 or network support.
`It is useful for typing cfs
`passphrases when logged in over the network. ESM needs RSAREF 2.0 to
`compile and is tested only on SunOS and BSDI. ESM is the first released
`part of a suite of session encryption tools that are described in
`
`BlackBerry Corporation Exhibit 1014, pg. 1
`
`BlackBerry Corporation Exhibit 1014, pg. 1
`
`
`
`New release of CFS Unix encrypting filesystem available
`
`Matt Blaze
`
`Posted in group: sci.crypt
`
`Mar 17, 1996 3:00 AM
`
`Source code for the latest version (release 1.3.3) of CFS, the Cryptographic
`File System, is now available upon request for research and experimental
`use in the US and Canada. This version works under most BSD-derived Unix
`
`systems and should now run without modification under most current Linux
`releases as well.
`
`It
`CFS pushes encryption services into the Unix(tm) file system.
`supports secure storage at the system level through a standard Unix
`file system interface to encrypted files. Users associate a
`cryptographic key with the directories they wish to protect. Files in
`these directories (as well as their pathname components) are
`transparently encrypted and decrypted with the specified key without
`further user intervention; cleartext is never stored on a disk or sent
`to a remote file server. CFS employs a novel combination of DES
`stream and codebook cipher modes to provide high security with good
`performance on a modern workstation. CFS can use any available file
`system for its underlying storage without modification, including
`remote file servers such as NFS. System management functions, such as
`file backup, work in a normal manner and without knowledge of the key.
`
`CFS runs under SunOS and several other BSD-derived systems with NFS.
`It is implemented entirely at user level, as a local NFS server
`running on the client machine's "loopback" interface.
`It consists of
`about 5000 lines of code and supporting documentation. You must have
`"root" access to install CFS.
`
`CFS was first mentioned at the work-in-progress session at the Winter
`'93 USENIX Conference and was more fully detailed in:
`
`Matt Blaze. "A Cryptographic File System for Unix", Proc. 1st ACM
`Conference on Computer and Communications Security, Fairfax, VA,
`November 1993. (PostScript available by anonymous ftp from
`research.att.com in the file dist/mab/cfs.ps.)
`
`and in
`
`Matt Blaze. "Key Management in an Encrypting File System", Proc.
`Summer '94 USENIX Tech. Conference, Boston, MA, June 1994.
`(PostScript available by anonymous ftp from research.att.com
`in the file dist/mab/cfskey.ps.)
`
`Version 1.3 of CFS also includes ESM, the Encrypting Session Manager.
`ESM provides shell-to-shell encrypted sessions across insecure links
`and requires no 08 or network support.
`It is useful for typing cfs
`passphrases when logged in over the network. ESM needs RSAREF 2.0 to
`compile and is tested only on SunOS and BSDI. ESM is the first released
`part of a suite of session encryption tools that are described in
`
`BlackBerry Corporation Exhibit 1014, pg. 1
`
`BlackBerry Corporation Exhibit 1014, pg. 1
`
`
`
`Matt Blaze and Steve Bellovin. "Session-layer Encryption."
`Proc. 1995 USENIX Security Workshop, Salt Lake City, June 1995.
`(PostScript is available from
`ftp://research.att.com/dist/mab/sesscrypt.ps)
`
`The new version of CFS differs from the version described in the
`
`papers in a few ways:
`
`* The DES-based encryption scheme has been strengthened, and now
`provides greater security but with the online latency of only single-DES.
`
`* Support for the smartcard-based key management system is not
`included and a few of the tools are not included.
`
`* An impoved key management scheme now allows chaning the passphrase
`associated with a directory.
`
`* The performance has been improved.
`
`* The security of the system against certain non-cryptanalytic attacks
`has been improved somewhat.
`
`* User-contributed ports to a number of additional platforms.
`
`* Hooks for adding new ciphers.
`
`* 3-DES, MacGuffin, and SAFER-SK128 encryption options.
`
`* Timeout options allow automatic detach of encrypted directories
`after a set time or period of inactivity.
`
`CFS is distributed as a research prototype; it is COMPLETELY
`UNSUPPORTED software. No warranty of any kind is provided. We will
`not be responsible if the system deletes all your files and emails the
`cleartext directly to the NSA or your mother. Also, we do not have
`the resources to port the software to other platforms, although you
`are welcome to do this yourself. The software was developed under
`SunOS and BSDI, and there are also unsupported user-contributed ports
`available for AIX, HP/UX, lrix, Linux, Solaris and Ultrix. We really
`can't promise to provide any technical support at all, beyond the
`source code itself. We also maintain a mailing list for CFS users and
`developers; subscription information is included with the source code.
`
`Because of export restrictions on cryptographic software, we are only
`able to make the software available within the US and Canada to US and
`
`Canadian citizens and permanent residents. Unfortunately, we cannot
`make it available for general anonymous ftp or other uncontrolled
`access, nor can we allow others to do so. Sorry.
`
`Legal stuff from the README file:
`
`Copyright (c) 1992, 1993, 1994, 1995 by AT&T.
`*
`* Permission to use, copy, and modify this software without fee
`* is hereby granted, provided that this entire notice is included in
`* all copies of any software which is or includes a copy or
`* modification of this software and in all copies of the supporting
`* documentation for such software.
`
`* *
`
`This software is subject to United States export controls.
`
`BlackBerry Corporation Exhibit 1014, pg. 2
`
`BlackBerry Corporation Exhibit 1014, pg. 2
`
`
`
`* *
`
`THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
`* WARRANTY.
`IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
`* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
`* OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
`
`If you would like a copy of the CFS source code, please read to the end
`of this message and then send email to:
`
`c...@research.att.com
`
`DO NOT REPLY DIRECTLY TO THIS MESSAGE. You must include a statement
`
`that you are in the US or Canada, are a citizen or legal permanent
`resident of the US or Canada, and have read and understand the license
`conditions stated above. Be sure to include an email address in a US-
`
`or Canada-registered domain. The code will be sent to you via email in
`a "shar" shell archive (a little over 300K bytes long).
`
`BlackBerry Corporation Exhibit 1014, pg. 3
`
`BlackBerry Corporation Exhibit 1014, pg. 3
`
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
