Regarding Windows Vista Disk Encryption Algorithm.

Joseph Ashwood ashwood at msn.com
Thu Oct 19 15:25:30 PDT 2006


----- Original Message ----- 
From: "Sarad AV" <jtrjtrjtr2001 at yahoo.com>
Sent: Thursday, October 19, 2006 5:55 AM
Subject: Regarding Windows Vista Disk Encryption Algorithm.


> How do we know if future PCs make use of this chip on
> their motherboards in future

The short answer: they do.

> and how can we trust this
> chip?

If you can't trust the hardware vendor there are worse things they can do to 
you. But in essence you either trust them or you don't.

> Doesn't a data
> recovery expert usually work under the assumption that
> the encryption keys are unavailable?

This changes the rules some, but generally speaking with modern encryption, 
if the key is not available you're screwed.

> Isn't this the case, if we are looking at stolen
> laptop(s)?
>    If the disk can be removed and dumped, what
> advantage does the TPM security chip provide over
> software encryption?

You missed the part where it can only be done with the administrator 
password.

> But if we work with the assumption that the attacker/
> recovery expert will not be able to find the key on
> the disk, is there any need to implement the TPM
> security chip? Is the assumption reasonable?

There is no reason to hide the boot block, but too many uneducated users 
would go "But they can find the boot block" and complain about how the 
security MUST be weak, based on a gross misunderstanding of the situation.

> From the above, judging by the clock speed, it however
> appears that AES-CBC is software implemented by
> BitLocker?

I don't know.

> Appendix A on pg 18 gives a sketch of a proof on why
> AES-CBC+Diffusers are at least as secure as AES-CBC.
> The diffuser consumes about 1/3 rd of the cycles per
> byte. Given this overhead is it useful to implement
> the diffusers unless the implementation can be shown
> to be more secure than AES-CBC?

Without the introduction of another key it is impossible to improve on the 
security proof of CBC, so what they've done is introduce a method of 
obfuscation that they hope will not be broken, but breaking it will not 
affect the security of CBC mode in any way, simply because if it did break 
AES-CBC, an attacker could apply it themselves quite cheaply. The proof 
basically boils down to: it's CBC, attacker loses.
                    Joe 
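The reduction argument in the exchange above, worked through in code as an added example (this is not code from either poster, from BitLocker, or from the paper Sarad cites). It assumes a toy hash-based Feistel block cipher standing in for AES, a constructed word-rotation mixer standing in for the real diffuser, and a constructed 512-byte sector, key and IV; none of these are the real algorithms. Because the mixer takes no key, whoever can undo the CBC layer can strip the mixer too, so the composite inherits CBC's confidentiality proof and nothing more. The same run also shows what a keyless sector-wide mixer does change: a one-bit edit to a plain CBC ciphertext alters one predictable bit in the following plaintext block, while with the mixer in place the same edit disturbs every block of the sector.

```python
import hashlib
import struct

BLOCK = 16      # bytes per block of the toy cipher (same width as AES)
SECTOR = 512    # bytes per "disk sector" in this demonstration
ROUNDS = 8

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Toy Feistel round function built on SHA-256. NOT AES; it only has to be a
    # keyed permutation on 16-byte blocks so that CBC behaves the usual way.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right

def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = toy_encrypt_block(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out.append(_xor(toy_decrypt_block(key, blk), prev))
        prev = blk
    return b"".join(out)

def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def diffuse(data: bytes) -> bytes:
    # Constructed keyless, invertible mixer over 32-bit words (not the Elephant
    # diffuser). It runs on the DECRYPTION side, so the chaining passes spread a
    # change in any one word to every word of the sector.
    w = list(struct.unpack("<%dI" % (len(data) // 4), data))
    n = len(w)
    for i in range(1, n):            # forward chaining pass
        w[i] ^= _rotl(w[i - 1], 9)
    for i in range(n - 2, -1, -1):   # backward chaining pass
        w[i] ^= _rotl(w[i + 1], 13)
    return struct.pack("<%dI" % n, *w)

def undiffuse(data: bytes) -> bytes:
    # Exact inverse of diffuse(); applied before CBC on the encryption side.
    w = list(struct.unpack("<%dI" % (len(data) // 4), data))
    n = len(w)
    for i in range(0, n - 1):        # undo backward pass (neighbour still untouched)
        w[i] ^= _rotl(w[i + 1], 13)
    for i in range(n - 1, 0, -1):    # undo forward pass
        w[i] ^= _rotl(w[i - 1], 9)
    return struct.pack("<%dI" % n, *w)

def encrypt_sector(key: bytes, iv: bytes, pt: bytes) -> bytes:
    return cbc_encrypt(key, iv, undiffuse(pt))

def decrypt_sector(key: bytes, iv: bytes, ct: bytes) -> bytes:
    return diffuse(cbc_decrypt(key, iv, ct))

def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    b = bytearray(data)
    b[byte_index] ^= 1 << bit
    return bytes(b)

def changed_blocks(a: bytes, b: bytes) -> list:
    return [i // BLOCK for i in range(0, len(a), BLOCK) if a[i:i + BLOCK] != b[i:i + BLOCK]]

# Constructed sample inputs; nothing here comes from a real disk or key.
KEY = b"constructed-demo-key-not-real!!!"
IV = bytes(range(16))
PLAINTEXT = bytes((i * 7 + 3) & 0xFF for i in range(SECTOR))

def reduction_holds() -> bool:
    # The mixer is public and keyless: stripping it from CBC output needs no secret,
    # so the composite scheme's confidentiality rests on CBC alone.
    ct = encrypt_sector(KEY, IV, PLAINTEXT)
    return decrypt_sector(KEY, IV, ct) == PLAINTEXT and diffuse(cbc_decrypt(KEY, IV, ct)) == PLAINTEXT

def cbc_bitflip_effect(block_index: int = 5, bit: int = 3):
    # Plain CBC: flipping one ciphertext bit garbles block i and flips exactly that
    # bit in block i+1. Returns (changed block indices, XOR difference of block i+1).
    ct = cbc_encrypt(KEY, IV, PLAINTEXT)
    tampered = cbc_decrypt(KEY, IV, flip_bit(ct, block_index * BLOCK, bit))
    nxt = slice((block_index + 1) * BLOCK, (block_index + 2) * BLOCK)
    return changed_blocks(PLAINTEXT, tampered), _xor(PLAINTEXT, tampered)[nxt]

def diffused_bitflip_effect(block_index: int = 5, bit: int = 3) -> int:
    # CBC plus mixer: the same one-bit edit disturbs every block of the sector.
    ct = encrypt_sector(KEY, IV, PLAINTEXT)
    tampered = decrypt_sector(KEY, IV, flip_bit(ct, block_index * BLOCK, bit))
    return len(changed_blocks(PLAINTEXT, tampered))

if __name__ == "__main__":
    print("reduction holds:", reduction_holds())
    print("plain CBC, blocks changed / diff in next block:", cbc_bitflip_effect())
    print("CBC+mixer, blocks changed:", diffused_bitflip_effect(), "of", SECTOR // BLOCK)
```

The direction of the mixer matters: the chaining passes have to run after CBC decryption, otherwise a ciphertext edit would spread by only one neighbouring word. The sector-wide spreading is the only thing the extra cycles buy; it gives no new confidentiality argument, which is exactly Joe's point.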





More information about the cypherpunks-legacy mailing list