Forwarded by request.

---------- Forwarded message ----------

> sector address as the IV. IVs don't need to be random, secret, or unpredictable - they just need to be unrepeated. (I'm assuming sector-at-a-time encryption).

If the IV is not a secret how are we going to prevent block replay attacks on cipher text?

Regards
Sarath.

--- Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
"Trei, Peter" <ptrei@rsasecurity.com> writes:

>> "Trei, Peter" <ptrei@rsasecurity.com> writes:
>>
>>> with a good distribution of IVs
>>
>> Where would you store them? The feature of this is that it's fully transparent, so you can't store IVs anywhere.
>
> I'm not really up on crypto file systems, but I believe at least some use the sector address as the IV. IVs don't need to be random, secret, or unpredictable - they just need to be unrepeated. (I'm assuming sector-at-a-time encryption).

But the IV is repeated, every time you encrypt new data for that sector. You need to either store a random IV for each sector (usually infeasible) or make two passes over the data (details vary), using the output from pass 1 to affect pass 2 (slow).
>>> * Some kind of PIN or password protection on dongle.
>>
>> How would you do this without a custom BIOS (remember that their general product is for dropping into any PC)?
>
> We're talking about two different products. The ABIT is a MB, presumably with its own custom BIOS, so that's not an issue there.

Customised, not custom. Think of it as a Chinese-menu type setup, it's a one-size-fits-all BIOS with appropriate modules compiled in for handling the CPU and chipset features. Now motherboard vendors can plug in their own feature modules, but it's a somewhat nontrivial option usually used only for highly marketable features (overclocking options, ability to re-flash from Windows, etc etc).

Peter.
__________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
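To make Gutmann's "the IV is repeated" point concrete, here is an added example (not code from this thread or from any of the products mentioned). It uses a toy 16-byte Feistel block cipher built from HMAC-SHA256 so that it runs with the standard library alone; the cipher is an assumption standing in for AES, not a real disk-encryption cipher. It encrypts the same 512-byte sector twice with the sector address as the IV, once in CBC and once in counter mode, and shows what someone who sees both writes learns from the ciphertext alone, versus what happens with a fresh per-write IV (the option the thread notes is usually infeasible because the IV has to be stored somewhere). Key, sector number, sector contents and the two fresh IVs are all constructed values.

```python
import hmac
import hashlib

BLOCK = 16      # block size of the toy cipher, in bytes
SECTOR = 512    # one disk sector, in bytes


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    # keyed round function of the toy Feistel cipher: HMAC-SHA256 truncated to 8 bytes
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation on a 16-byte block (assumption: toy stand-in for AES)."""
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _round(key, rnd, r))
    return l + r


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _round(key, rnd, l)), l
    return l + r


def sector_iv(sector_no: int) -> bytes:
    """The scheme under discussion: IV = sector address, never stored, identical on every write."""
    return sector_no.to_bytes(BLOCK, "big")


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    assert len(plaintext) % BLOCK == 0
    prev, out = iv, []
    for off in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, _xor(plaintext[off:off + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for off in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[off:off + BLOCK]
        out.append(_xor(toy_block_decrypt(key, blk), prev))
        prev = blk
    return b"".join(out)


def ctr_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Counter mode seeded from the same fixed IV: the keystream is the same on every write."""
    base = int.from_bytes(iv, "big")
    out = []
    for i, off in enumerate(range(0, len(plaintext), BLOCK)):
        keystream = toy_block_encrypt(key, ((base + i) % (1 << 128)).to_bytes(BLOCK, "big"))
        out.append(_xor(plaintext[off:off + BLOCK], keystream))
    return b"".join(out)


def unchanged_prefix_blocks(ct_old: bytes, ct_new: bytes) -> int:
    """What an observer of two CBC writes to one sector learns: how many leading plaintext
    blocks were left unchanged (CBC with a repeated IV is deterministic up to the first edit)."""
    n = 0
    for off in range(0, min(len(ct_old), len(ct_new)), BLOCK):
        if ct_old[off:off + BLOCK] != ct_new[off:off + BLOCK]:
            break
        n += 1
    return n


def demo() -> dict:
    key = bytes(range(32))                            # constructed key
    sector_no = 4242                                  # constructed sector address
    old = b"header:record-v1".ljust(SECTOR, b".")     # constructed sector contents, version 1
    new = bytearray(old)
    new[40:48] = b"CHANGED!"                          # edit inside block 2 (bytes 32..47)
    new = bytes(new)
    iv = sector_iv(sector_no)

    # sector-address IV, CBC: every block before the edit encrypts identically on both writes
    cbc_leak = unchanged_prefix_blocks(cbc_encrypt(key, iv, old), cbc_encrypt(key, iv, new))

    # sector-address IV, CTR: XOR of the two ciphertexts equals XOR of the two plaintexts
    ctr_leak = _xor(ctr_encrypt(key, iv, old), ctr_encrypt(key, iv, new))

    # a fresh IV per write (constructed values; in practice they would have to be stored):
    iv_a = hashlib.sha256(b"write-1").digest()[:BLOCK]
    iv_b = hashlib.sha256(b"write-2").digest()[:BLOCK]
    fresh_leak = unchanged_prefix_blocks(cbc_encrypt(key, iv_a, old), cbc_encrypt(key, iv_b, new))

    return {
        "cbc_unchanged_blocks": cbc_leak,                          # 2 blocks exposed as unchanged
        "ctr_xor_equals_plaintext_xor": ctr_leak == _xor(old, new),
        "fresh_iv_unchanged_blocks": fresh_leak,                   # nothing exposed
        "roundtrip": cbc_decrypt(key, iv, cbc_encrypt(key, iv, old)) == old,
    }


if __name__ == "__main__":
    print(demo())
```

The CBC case is the milder one: the ciphertext reveals exactly where in the sector the first change happened, which is a block-granular diff of the file over time. The counter-mode case shows why a repeated IV is fatal for any stream-style mode: the two ciphertexts XOR to the two plaintexts XORed, with no key needed. A fresh IV removes both leaks, which is why the thread keeps coming back to where that IV could possibly be kept.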
Sarath or maybe Mike Rosing wrote:

> If the IV is not a secret how are we going to prevent block replay attacks on cipher text?

If you look at the usage models and threat models, it's simply not a problem. This is a disk drive. Anybody who has access to disk drive transactions sufficient to try replay attacks already has deep-level access to your hardware, so you're toast anyway because they can see the unencrypted data before it's written.

What this kind of system is normally good for is making sure that anybody who steals your hardware when it's not running can't read your disk's data. (Steals includes thieves with and without warrants or subpoenas...) There's not really a risk of replay attacks there.

However, there's an emerging application for which disk drives are more vulnerable, which is remote storage. Some of the new disk interface standards, like Fibre Channel, and probably some of the flavors of iSCSI, can operate over distances of 20km and longer over fiber, leading to businesses like colocation centers in New Jersey providing big disk drive farms for New York City financial businesses which have their mainframes in Manhattan. For applications like that, it is important to do good IVs, because control of the disk drive doesn't imply control of the machine.
participants (2)
- Bill Stewart
- Mike Rosing