Secure IDE?

Trei, Peter ptrei at
Thu Jul 31 06:31:50 PDT 2003

> pgut001 at[SMTP:pgut001 at] wrote:
> "Trei, Peter" <ptrei at> writes:
> >No info on chaining modes, if any, nor of IV handling.
> DES/ECB, originally with a 40-bit key, more recently with 56-bit and 3DES.
> Keys generated by the manufacturer onto a USB dongle.  No easy way to make
> backups of the dongle.  It's a messy tradeoff: If you want something like
> laptop/data-theft-protection (which will suit the majority of the market),
> then DES-40/ECB is fine, but you want to be able to back up the dongle
> because
> if that goes (and after multiple insertions and removals it will) you've
> lost
> all your data.  OTOH if you want protection from the MIB the fragile
> nature of
> the key storage is probably a benefit, but then you want 3DES/CBC to go
> with
> it.  At the moment you have laptop-theft-protection crypto and
> MIB-protection
> key storage.
> You can buy truckloads of these things on ebay for about $20 a pop if you
> want
> to play with one.
> Peter.
Color me dissapointed. 

It's a move in the right direction, but I wish they had followed through and
done the right things:

* [AES | 3DES]/CBC with a good distribution of IVs
* User-generated keys (before initial disk setup, of course).
* Shutdown on dongle removal.
* Some kind of PIN or password protection on the dongle.

eNova claims not to keep a database of keys (they don't
say that 'there is no database of keys', which is a little
different), and to get a key copied you have to send it to
them. They do seem to supply a spare.

Back a few years ago, I calculated that with the DES key
search software then available, a single 200MHz machine
could search 40 bits of keyspace over a long weekend. 
Today it would take a few hours.

40 bit DES is not secure against your kid sister (if she's
a cypherpunk :-), much less industrial espionage.

Quote from
erBoard&pMODEL_NAME=SecureIDE :

"40-bit DES (US Data Encryption Standard) is adequate 
for general users"

Yeah. Right.


More information about the cypherpunks-legacy mailing list