On Thu, Jul 31, 2003 at 12:04:13PM -0400, Trei, Peter wrote:
[...]
> > > with a good distribution of IVs
> >
> > Where would you store them? The feature of this is that it's fully transparent, so you can't store IVs anywhere.
>
> I'm not really up on crypto file systems, but I believe at least some use the sector address as the IV. IVs don't need to be random, secret, or unpredictable - they just need to be unrepeated. (I'm assuming sector-at-a-time encryption).

I believe that is what some of them are doing. I think it's a little better to use some fast PRNG seeded from the sector (or e.g. HMAC of sector number, or encryption of sector number if you have hardware). The sector number is changing in counter order and cancels with the plaintext difference. I did some tests on a 10GB disk full of Windows app and program data (accessed the raw Windows partition from Linux /dev/hda1) and if you do that (XOR first block of sector with sector number) you get a fair few collisions.

> How would you do this without a custom BIOS (remember that their general product is for dropping into any PC)?

One of the products on show at RSA earlier this year would boot from the IDE sector onto a virtual drive (it would pretend to be a boot sector over the IDE connector), then that boot sector has code to ask for your password, derive the key and load it, and then reboot onto the real drive. If you pulled power from the drive it would forget the key.

Adam
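The IV discussion above can be made concrete with a small simulation. This is an added example, not code from the thread or from any of the products mentioned. It assumes sector-at-a-time CBC with a 128-bit block cipher, models the "sector number as IV" scheme as the sector number written out as a 128-bit integer, and stands in for Adam's "HMAC of sector number" option with HMAC-SHA256 truncated to one block under a constructed demo key. The sample plaintext is constructed: the first block of sector i holds the record number i + offset, the kind of counter-ordered layout that cancels against a counter-ordered IV. Because the block cipher is a permutation, two sectors share a first ciphertext block exactly when P0 XOR IV repeats, so the collision count can be computed without running the cipher itself.

```python
import hashlib
import hmac

BLOCK = 16  # 128-bit cipher block, as in AES

# Constructed demo key for IV derivation. In a real design this would be a
# separate key derived from the disk key, not the disk key itself.
DEMO_IV_KEY = b"constructed-demo-iv-key-not-a-real-secret"


def plain_iv(sector: int) -> bytes:
    """IV = the sector number itself, as a 128-bit little-endian integer."""
    return sector.to_bytes(BLOCK, "little")


def keyed_iv(sector: int, iv_key: bytes = DEMO_IV_KEY) -> bytes:
    """IV = HMAC-SHA256(iv_key, sector number), truncated to one block.

    Stands in for the 'HMAC of sector number' option from the thread: the IV
    is still a pure function of the sector address (nothing to store on disk),
    but it no longer advances in counter order.
    """
    return hmac.new(iv_key, sector.to_bytes(8, "little"), hashlib.sha256).digest()[:BLOCK]


def counter_plaintext(n_sectors: int, offset: int) -> list[bytes]:
    """Constructed sample data: the first block of sector i is the record
    number i + offset, as for a log or table laid out sequentially on disk."""
    return [(i + offset).to_bytes(BLOCK, "little") for i in range(n_sectors)]


def xor_block(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def first_block_collisions(first_blocks, iv_for_sector) -> int:
    """Count sectors whose first CBC ciphertext block repeats an earlier one.

    In CBC the first ciphertext block is E_K(P0 XOR IV). E_K is a permutation,
    so two sectors collide exactly when P0 XOR IV collides; that lets us count
    collisions without running a block cipher at all.
    """
    seen: set[bytes] = set()
    collisions = 0
    for sector, p0 in enumerate(first_blocks):
        cbc_input = xor_block(p0, iv_for_sector(sector))
        if cbc_input in seen:
            collisions += 1
        seen.add(cbc_input)
    return collisions


def compare(n_sectors: int = 4096, offset: int = 1) -> tuple[int, int]:
    """Return (collisions with plain sector-number IV, collisions with keyed IV)."""
    data = counter_plaintext(n_sectors, offset)
    return (
        first_block_collisions(data, plain_iv),
        first_block_collisions(data, keyed_iv),
    )


if __name__ == "__main__":
    for off in (0, 1, 7):
        plain, keyed = compare(4096, off)
        print(f"record = sector + {off}: plain IV {plain} collisions, keyed IV {keyed} collisions")
```

With records numbered sector + 1, the plain-IV input (i + 1) XOR i takes only 13 distinct values over 4096 sectors, so 4083 first blocks repeat; with records equal to the sector number every first block is identical. Each repeat tells an observer of the ciphertext that two sectors' first plaintext blocks differ by exactly the difference of their sector numbers, which is the leakage the keyed derivation removes while keeping the scheme fully transparent.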