"Steven M. Bellovin" <[email protected]> writes:

>http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126869&intsrc=hm_ts_head

From a quick look at what's just been released (https://www.trustedcomputinggroup.org/groups/storage/) it doesn't actually tell you anything about how to do disk encryption, it's just... well, I'll have to quote the doc itself because I'm not quite sure what its purpose is, but the document claims it's an "architecture for putting Storage Devices under policy control as determined by the trusted platform host".

Reading through the Opal spec ("minimum requirements for storage devices used in PCs and laptops") is like reading a SCSI CDB reference: it outlines a means of connecting something over here with something else over there with no indication of what either of the two somethings are. It seems to be mostly intended to be a means of tying a hard drive into the TPM framework, with the entire crypto-related portions of the Opal spec being:

  2.4 Cryptographic Features

  An Opal SSC compliant SD SHALL implement Full Disk Encryption for all
  host accessible user data stored on media. AES-128 or AES-256 SHALL be
  supported (see [FIPS 197]).

  2.5 Authentication

  An Opal SSC compliant SD SHALL support password authorities and
  authentication.

There's an older draft from 2007 covering storage architecture which is... um... 266 pages of the sort of thing you'd expect to emerge if the TCG tried to define a standard for dealing with hard drives.

So I wouldn't call these "full-disk encryption standards"; it's more like "TPM glue for hard drives". The P1619/SISWG work is completely different: you can actually take this and implement drive encryption from it, and it specifies (in some detail) how to do it right.

Peter.
