RE: Secure IDE?

2003-07-31 Thread Peter Gutmann
Trei, Peter [EMAIL PROTECTED] writes:

> It's a move in the right direction, but I wish they had followed through and
> done the right things:

> * [AES | 3DES]/CBC

I get the feeling they use ECB for speed (heavy pipelining) rather than
cluelessness.

> with a good distribution of IVs

Where would you store them?  The feature of this is that it's fully
transparent, so you can't store IVs anywhere.

> * User-generated keys (before initial disk setup, of course).

That one's the only thing I can't find a good technical reason for... perhaps
it's just commercial, since they see the dongles as a revenue source and will
sell you software to set up n dongles yourself, where price is proportional to
n.

> * Some kind of PIN or password protection on the dongle.

How would you do this without a custom BIOS (remember that their general
product is for dropping into any PC)?

> 40 bit DES is not secure against your kid sister (if she's a cypherpunk :-),
> much less industrial espionage.

I'm more worried about key backup - it's bad enough having
cheapest-possible-components IDE drives without complicating it further with a
second point of failure.  In the meantime a better option is still the
triumvirate of:

- Sensitive data saved only to RAM disk.

- 3DES-encrypted volume mounted as a filesystem, which I can back up in
  encrypted form if necessary, and with all crypto done in software with
  per-sector random IVs, user-generated keys, and all the other stuff you asked
  for.

- Encrypted swap.

(Oh yeah, and a UPS so you're not tempted to temporarily save stuff to disk
 elsewhere in case the RAM drive goes away suddenly).

> 40-bit DES (US Data Encryption Standard) is adequate for general users

> Yeah. Right.

If you're worried about Joe Burglar grabbing your laptop (for the value of the
laptop) and your business data being leaked as collateral damage, or someone
stumbling across your warez or pr0n, then it's probably adequate.  Since this
is what general users would be worried about, I'd agree with the statement.
Anyone worried about more than that (probably about 0.01% of the market) isn't
a general user any more.

Peter.
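As an added illustration of the ECB-versus-CBC and "where would you store the IVs" points in the exchange above (editor's example code, not from the original message or from the product under discussion): a toy 8-byte Feistel cipher stands in for DES, sectors are shrunk to 64 bytes, and the per-sector IV is derived from the sector number under a hashed copy of the key (the construction later known as ESSIV), so a fully transparent drive-level encryptor needs no IV storage at all. The all-zero sector is a constructed input standing for a freshly formatted disk.

```python
import hashlib
BLOCK = 8     # toy cipher block size (DES-sized); a stand-in, not real DES
SECTOR = 64   # toy sector size; real IDE sectors are 512 bytes

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    # Feistel round function: SHA-256 as a keyed PRF, truncated to a half-block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def enc_block(key: bytes, blk: bytes) -> bytes:
    # 4-round Feistel network: an invertible toy block cipher for the demo only.
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, r, rnd))
    return l + r

def dec_block(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, l, rnd)), l
    return l + r

def ecb_sector(key: bytes, data: bytes) -> bytes:
    # ECB: each block on its own; equal plaintext blocks give equal ciphertext.
    return b"".join(enc_block(key, data[i:i + BLOCK]) for i in range(0, SECTOR, BLOCK))
def sector_iv(key: bytes, sector_no: int) -> bytes:
    # IV derived from the sector number under a hashed copy of the key
    # (ESSIV-style), so nothing has to be written to disk next to the sector.
    return enc_block(hashlib.sha256(key).digest(), sector_no.to_bytes(BLOCK, "big"))

def cbc_sector_encrypt(key: bytes, sector_no: int, data: bytes) -> bytes:
    prev, out = sector_iv(key, sector_no), []
    for i in range(0, SECTOR, BLOCK):
        prev = enc_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_sector_decrypt(key: bytes, sector_no: int, ct: bytes) -> bytes:
    prev, out = sector_iv(key, sector_no), []
    for i in range(0, SECTOR, BLOCK):
        out.append(_xor(dec_block(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def distinct_blocks(ct: bytes) -> int:
    # Number of distinct ciphertext blocks in a sector: 1 means the layout leaks.
    return len({ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)})

KEY = b"constructed-demo-key"     # constructed sample key
ZERO_SECTOR = bytes(SECTOR)        # constructed: a freshly formatted, all-zero sector
```

Under ECB every zero block of the sector encrypts to the same 8 bytes, so the disk layout is visible in the ciphertext; with the sector-derived IV, two identical sectors encrypt differently and each one looks uniformly random, yet decryption needs only the key and the sector number.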



Re: AP by any other name ...

2003-07-30 Thread Peter Gutmann
Anonymous [EMAIL PROTECTED] writes:

> I first ran into this market concept about ten years ago. The Iowa Political
> Stock Market successfully predicted the outcome of the 1992 U.S. presidential
> election within a few tenths of a percentage point for all three candidates
> (including Perot).  It was more accurate than 8 major polls. Since then there
> have been many other experiments with other markets: Hollywood Stock Exchange
> where people bet on future box office receipts and Foresight Exchange where
> traders bet on the outcomes of unresolved scientific and societal questions.

It's been used in other areas as well, and for rather longer than ten years.
For example, one of the most accurate estimates of the entropy of natural
language involved people placing bets on the value of the next letter seen (as
opposed to the more traditional "I guess it'll be an 'e'" estimation
technique).

Peter.