On Tue, 1 Jun 1993, Eric Hughes wrote:
The actual file encryption/decryption must be done in hardware if you want to have any sort of speed at all.
Please, everyone who is working on this, remember. You can't do hard disk encryption in software on the host CPU. Thanks to Jim for reminding me to stress this.
Well thanks for the advice, but you fergot to mention why...
Lacking an available IDEA chip I will have to use DES (multi-pass or some other variant to get around the limits on DES keyspace) in order to get the necessary throughput on the disk.
DES hardware is already available and tested. Use it. Use a triple-keyed EDE version of DES.
Is someone selling a raw DES chip on an ISA card? If so, use that so that others don't have to hack together their own hardware.
I would be very interested in a card like this, if anyone can find one.
Such a system would not be completely secure but would provide some protection for files, which is more than they get now...
The keying material for the disk should not be one key for the whole disk. The keying material could easily be one key per track without the keys growing too large.
Ideally this keying material would be held on a removable PCMCIA card and would talk directly to the device encryptor hardware with a protected channel. That will have to wait.
Another possibility until then, and one that would be fun for people who like to play with EPROMS, is a card that had a cable leading to an external EPROM socket that you could lay on your desk or on top of the case or wherever. You burn your keys for the HD into a chip and use it as a key, physically inserting the chip in the socket each time. There are lots on new ways to make chips easy to plug in and out, I'm sure it wouldn't be too hard. I still don't see why all of the actual encryption couldn't be done in software though...
Eric
-Ryan the Bit Wallah