Secure IDE?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Jul 31 10:05:48 PDT 2003
"Trei, Peter" <ptrei at rsasecurity.com> writes:
>pgut001 at cs.auckland.ac.nz[SMTP:pgut001 at cs.auckland.ac.nz]
>>"Trei, Peter" <ptrei at rsasecurity.com> writes:
>>>with a good distribution of IVs
>>
>>Where would you store them? The feature of this is that it's fully
>>transparent, so you can't store IVs anywhere.
>
>I'm not really up on crypto file systems, but I beleive at least some use the
>sector address as the IV. IVs don't need to be random, secret, or
>unpredictable - they just need to be unrepeated. (I'm assuming sector-at-a-
>time encryption).
But the IV is repeated, every time you encrypt new data for that sector. You
need to either store a random IV for each sector (usually infeasible) or make
two passes over the data (details vary), using the output from pass 1 to
affect pass 2 (slow).
>>>* Some kind of PIN or password protection on the dongle.
>>
>>How would you do this without a custom BIOS (remember that their general
>>product is for dropping into any PC)?
>
>We're talking about two different products. The ABIT is a MB, presumably with
>it's own custom BIOS, so that's not an issue there.
Customised, not custom. Think of it as a Chinese-menu type setup, it's a one-
size-fits-all BIOS with appropriate modules compiled in for handling the CPU
and chipset features. Now motherboard vendors can plug in their own feature
modules, but it's a somewhat nontrivial option usually used only for highly
marketable features (overclocking options, ability to re-flash from Windows,
etc etc).
Peter.
More information about the cypherpunks-legacy
mailing list