pgut001@cs.auckland.ac.nz[SMTP:pgut001@cs.auckland.ac.nz] wrote:
"Trei, Peter" <ptrei@rsasecurity.com> writes:
No info on chaining modes, if any, nor of IV handling.
DES/ECB, originally with a 40-bit key, more recently with 56-bit and 3DES. Keys generated by the manufacturer onto a USB dongle. No easy way to make backups of the dongle. It's a messy tradeoff: If you want something like laptop/data-theft-protection (which will suit the majority of the market), then DES-40/ECB is fine, but you want to be able to back up the dongle because if that goes (and after multiple insertions and removals it will) you've lost all your data. OTOH if you want protection from the MIB the fragile nature of the key storage is probably a benefit, but then you want 3DES/CBC to go with it. At the moment you have laptop-theft-protection crypto and MIB-protection key storage.
You can buy truckloads of these things on ebay for about $20 a pop if you want to play with one.
Peter.
Color me disappointed. It's a move in the right direction, but I wish they had followed through and done the right things:

* [AES | 3DES]/CBC with a good distribution of IVs
* User-generated keys (before initial disk setup, of course).
* Shutdown on dongle removal.
* Some kind of PIN or password protection on the dongle.

eNova claims not to keep a database of keys (they don't say that 'there is no database of keys', which is a little different), and to get a key copied you have to send it to them. They do seem to supply a spare.

Back a few years ago, I calculated that with the DES key search software then available, a single 200MHz machine could search 40 bits of keyspace over a long weekend. Today it would take a few hours. 40 bit DES is not secure against your kid sister (if she's a cypherpunk :-), much less industrial espionage.

Quote from http://www.abit.com.tw/abitweb/webjsp/english/mb_spec.jsp?pPRODUCT_TYPE=MotherBoard&pMODEL_NAME=SecureIDE :

"40-bit DES (US Data Encryption Standard) is adequate for general users"

Yeah. Right.

Peter
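Added example, not part of either message and not the product's code: what the ECB versus "CBC with a good distribution of IVs" point means for a disk sector. Assumptions: a toy 64-bit Feistel cipher stands in for DES, the per-sector IV is the encrypted sector number, and the key and the all-zero sector are constructed samples.

```python
import hashlib
import hmac
import struct

BLOCK = 8      # 64-bit blocks, the DES/3DES block size
SECTOR = 512   # bytes per disk sector

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 8-round Feistel permutation standing in for DES (NOT real DES)."""
    left, right = block[:4], block[4:]
    for rnd in range(8):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def ecb_sector(key: bytes, data: bytes) -> bytes:
    """ECB: every block is encrypted independently, with no IV."""
    return b"".join(encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def cbc_sector(key: bytes, sector_no: int, data: bytes) -> bytes:
    """CBC with a per-sector IV (assumption: IV = E_k(sector number))."""
    prev = encrypt_block(key, struct.pack(">Q", sector_no))
    out = []
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev))
        prev = encrypt_block(key, mixed)   # ciphertext feeds the next block
        out.append(prev)
    return b"".join(out)

def distinct_blocks(ct: bytes) -> int:
    """Number of different ciphertext blocks in one sector."""
    return len({ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)})

def compare_modes() -> dict:
    key = b"constructed-demo-key"   # constructed sample key
    sector = bytes(SECTOR)          # constructed sample: an all-zero sector
    ecb = [ecb_sector(key, sector) for _ in (0, 1)]     # sectors 0 and 1
    cbc = [cbc_sector(key, n, sector) for n in (0, 1)]  # sectors 0 and 1
    return {
        "ecb_distinct_blocks": distinct_blocks(ecb[0]),
        "cbc_distinct_blocks": distinct_blocks(cbc[0]),
        "ecb_sectors_identical": ecb[0] == ecb[1],
        "cbc_sectors_identical": cbc[0] == cbc[1],
    }

if __name__ == "__main__":
    print(compare_modes())
```

Under ECB the 64 blocks of the sector collapse to a single repeated ciphertext block and two sectors with the same contents encrypt identically, so the layout of the plaintext is visible without the key; with chaining and a per-sector IV neither repetition survives.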