Secure IDE?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Jul 31 10:05:48 PDT 2003


"Trei, Peter" <ptrei at rsasecurity.com> writes:
>pgut001 at cs.auckland.ac.nz[SMTP:pgut001 at cs.auckland.ac.nz]
>>"Trei, Peter" <ptrei at rsasecurity.com> writes:
>>>with a good distribution of IVs
>>
>>Where would you store them?  The feature of this is that it's fully
>>transparent, so you can't store IVs anywhere.
>
>I'm not really up on crypto file systems, but I beleive at least some use the
>sector address as the IV. IVs don't need to be random, secret, or
>unpredictable - they just need to be unrepeated. (I'm assuming sector-at-a-
>time encryption).

But the IV is repeated, every time you encrypt new data for that sector.  You
need to either store a random IV for each sector (usually infeasible) or make
two passes over the data (details vary), using the output from pass 1 to
affect pass 2 (slow).

>>>* Some kind of PIN or password protection on the dongle.
>>
>>How would you do this without a custom BIOS (remember that their general
>>product is for dropping into any PC)?
>
>We're talking about two different products. The ABIT is a MB, presumably with
>it's own custom BIOS, so that's not an issue there.

Customised, not custom.  Think of it as a Chinese-menu type setup, it's a one-
size-fits-all BIOS with appropriate modules compiled in for handling the CPU
and chipset features.  Now motherboard vendors can plug in their own feature
modules, but it's a somewhat nontrivial option usually used only for highly
marketable features (overclocking options, ability to re-flash from Windows,
etc etc).

Peter.





More information about the cypherpunks-legacy mailing list