On Thu, Jul 31, 2003 at 12:04:13PM -0400, Trei, Peter wrote:
> [...]
> > >with a good distribution of IVs
> > 
> > Where would you store them?  The feature of this is that it's fully
> > transparent, so you can't store IVs anywhere.
> 
> I'm not really up on crypto file systems, but I believe at least some
> use the sector address as the IV. IVs don't need to be random,
> secret, or unpredictable - they just need to be unrepeated. (I'm
> assuming sector-at-a-time encryption).

I believe that is what some of them are doing.  I think it's a little
better to use some fast PRNG seeded from the sector (or e.g. HMAC of
sector number or encryption of sector number if you have hardware).
The sector number is changing in counter order and cancels with the
plaintext difference.  I did some tests on a 10GB disk full of Windows
app and program data (accessed the raw Windows partition from Linux
/dev/hda1) and if you do that (xor first block of sector with sector
number) you get a fair few collisions.

> > How would you do this without a custom BIOS (remember that their
> > general product is for dropping into any PC)?

One of the products on show at RSA earlier this year would boot from
the IDE sector onto a virtual drive (it would pretend to be a boot
sector over the IDE connector), then that boot sector has code to ask
for your password, derive the key and load it, and then reboot onto
the real drive.  If you pulled power from the drive it would forget
the key.

Adam
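
Added example, not part of the original message: a Python sketch of the collision effect described above. In CBC the first cipher input is P1 xor IV, and because the block cipher is a permutation, two sectors share a first ciphertext block exactly when those inputs are equal. The disk contents, key, function names and the truncation of HMAC-SHA256 to 16 bytes are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16  # assumed 128-bit block cipher
KEY = b"constructed-demo-key"  # constructed key, illustration only


def iv_sector_number(sector: int) -> bytes:
    """IV is just the sector number, as in the scheme discussed above."""
    return sector.to_bytes(BLOCK, "big")


def iv_hmac(sector: int) -> bytes:
    """IV is HMAC(key, sector number), truncated to one block (assumption)."""
    mac = hmac.new(KEY, sector.to_bytes(8, "big"), hashlib.sha256)
    return mac.digest()[:BLOCK]


def colliding_sectors(first_blocks: dict, iv_func) -> int:
    """Count sectors whose first CBC cipher input (P1 xor IV) is not unique."""
    inputs = Counter(
        bytes(p ^ v for p, v in zip(block, iv_func(sector)))
        for sector, block in first_blocks.items()
    )
    return sum(n for n in inputs.values() if n > 1)


def constructed_disk() -> dict:
    """Constructed sample: sector number -> first plaintext block."""
    disk = {}
    # A file at sector 4096 whose sectors each start with a record index.
    for i in range(256):
        disk[4096 + i] = i.to_bytes(BLOCK, "big")
    # Zero-filled sectors elsewhere on the disk.
    for sector in range(8192, 8192 + 256):
        disk[sector] = bytes(BLOCK)
    return disk


if __name__ == "__main__":
    disk = constructed_disk()
    print("sector-number IV:", colliding_sectors(disk, iv_sector_number))
    print("HMAC-derived IV: ", colliding_sectors(disk, iv_hmac))
```

The zero-filled sectors stay distinct under both schemes; only the counter-structured data collides, because its sector-to-sector difference equals the difference in the sector numbers.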
