Re: AES-CBC + Elephant diffuser
On Thu, Oct 29, 2009 at 07:15:53AM -0700, Paul Hoffman wrote:

> At 2:24 PM +0100 10/29/09, Eugen Leitl wrote:
> > "We discuss why no existing cipher satisfies the requirements of this
> > application". Uh-oh.
>
> Yeah, we all know what a light-weight and careless person Niels Ferguson is.
> Who would listen to him?

Ah, should have spent a few seconds looking him up

http://en.wikipedia.org/wiki/Niels_Ferguson
http://www.macfergus.com/

--
Eugen* Leitl <leitl> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: AES-CBC + Elephant diffuser
At 2:24 PM +0100 10/29/09, Eugen Leitl wrote:
> "We discuss why no existing cipher satisfies the requirements of this
> application". Uh-oh.

Yeah, we all know what a light-weight and careless person Niels Ferguson is.
Who would listen to him?

--Paul Hoffman, Director
--VPN Consortium
Re: AES-CBC + Elephant diffuser
Eugen Leitl wrote:
> "We discuss why no existing cipher satisfies the requirements of this
> application". Uh-oh.
>
> http://www.microsoft.com/downloads/details.aspx?FamilyID=131dae03-39ae-48be-a8d6-8b0034c92555&DisplayLang=en
>
> AES-CBC + Elephant diffuser
>
> Brief Description
> A Disk Encryption Algorithm for Windows Vista
    ^^^^

That is the key issue here: it is a disk encryption algorithm independent of
the filesystem that sits above it. If instead you put the encryption directly
into the filesystem, rather than below it, then the restrictions of sector
size that mean you can't easily use a MAC go away.

This is exactly what we have done for ZFS: we do use a MAC (the one from CCM
or GCM modes) as well as a SHA256 hash of the ciphertext (used for resilvering
operations in RAID), and they are stored in the block pointers (not the data
blocks), forming a Merkle tree. We also have a place to store an IV. So every
encrypted ZFS block is self-contained, has an IV and a 16-byte MAC. This means
that the crypto is all standards-based algorithms and modes for ZFS.

http://hub.opensolaris.org/bin/view/Project+zfs-crypto/

--
Darren J Moffat
AES-CBC + Elephant diffuser
"We discuss why no existing cipher satisfies the requirements of this
application". Uh-oh.

http://www.microsoft.com/downloads/details.aspx?FamilyID=131dae03-39ae-48be-a8d6-8b0034c92555&DisplayLang=en

AES-CBC + Elephant diffuser

Brief Description
A Disk Encryption Algorithm for Windows Vista

The specifications of the AES-CBC + diffuser algorithm used in BitLocker Drive
Encryption

Overview
The BitLocker Drive Encryption feature of Windows Vista poses an interesting
set of security and performance requirements on the encryption algorithm used
for the disk data. We discuss why no existing cipher satisfies the
requirements of this application and document our solution, which consists of
using AES in CBC mode with a dedicated diffuser to improve the security
against manipulation attacks.
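The contrast running through this thread, sector-level encryption below the filesystem with no room for a MAC (the BitLocker constraint behind the "manipulation attacks" in the overview above) versus encryption inside the filesystem where Darren Moffat's ZFS design keeps a per-block IV, a 16-byte MAC and a SHA-256 of the ciphertext in the block pointer, as an added example in Go. It is not code from this thread, from ZFS or from BitLocker: the key, the IV, the block contents, the BlockPointer layout and every function name are constructed for illustration, and the CBC side deliberately omits any diffuser so that it shows the bare problem rather than BitLocker's mitigation.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed demo values: one AES-256 key (a filesystem would hold per-dataset
// keys), a 16-byte CBC IV standing in for one derived from the sector number,
// and a 4096-byte data block (256 x 16 bytes).
var (
	demoKey   = []byte("0123456789abcdef0123456789abcdef")
	sectorIV  = []byte("sector-000000042")
	demoBlock = bytes.Repeat([]byte("zfs-data-block! "), 256)
	blk       = must(aes.NewCipher(demoKey)) // AES-256 under the demo key
	gcm       = must(cipher.NewGCM(blk))     // AES-GCM: 12-byte nonce, 16-byte tag
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sectorCBC models encryption below the filesystem: the ciphertext must fit the
// sector exactly, so there is nowhere to store a MAC (the BitLocker constraint).
// CryptBlocks panics if the input is not a whole number of 16-byte blocks.
func sectorCBC(iv, in []byte, encrypt bool) []byte {
	out := make([]byte, len(in))
	if encrypt {
		cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(blk, iv).CryptBlocks(out, in)
	}
	return out
}

// BlockPointer models metadata kept outside the data block (the ZFS approach):
// a per-block IV, the 16-byte GCM tag and a SHA-256 of the ciphertext.
type BlockPointer struct {
	IV       []byte
	Tag      []byte
	Checksum [32]byte
}

// fsBlockEncrypt seals one block with a fresh random IV and fills in its pointer.
func fsBlockEncrypt(plaintext []byte) ([]byte, BlockPointer, error) {
	iv := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return nil, BlockPointer{}, err
	}
	sealed := gcm.Seal(nil, iv, plaintext, nil)
	split := len(sealed) - gcm.Overhead()
	ct := sealed[:split]
	return ct, BlockPointer{IV: iv, Tag: sealed[split:], Checksum: sha256.Sum256(ct)}, nil
}

// fsBlockDecrypt checks the ciphertext hash first (as a scrub or resilver would),
// then lets GCM verify the tag; either failure is returned as an error.
func fsBlockDecrypt(ct []byte, bp BlockPointer) ([]byte, error) {
	if sha256.Sum256(ct) != bp.Checksum {
		return nil, fmt.Errorf("checksum mismatch: block corrupted or replaced")
	}
	return gcm.Open(nil, bp.IV, append(append([]byte{}, ct...), bp.Tag...), nil)
}

// cbcTamper and gcmTamper flip one bit of the stored ciphertext and report
// whether the read was rejected (detected) and whether the data came back
// unchanged (intact).
func cbcTamper(plaintext []byte) (detected, intact bool) {
	ct := sectorCBC(sectorIV, plaintext, true)
	ct[0] ^= 0x01 // one flipped bit on disk
	pt := sectorCBC(sectorIV, ct, false)
	return false, bytes.Equal(pt, plaintext) // plain CBC has no way to reject
}

func gcmTamper(plaintext []byte) (detected, intact bool, err error) {
	ct, bp, err := fsBlockEncrypt(plaintext)
	if err != nil {
		return false, false, err
	}
	ct[0] ^= 0x01
	pt, err := fsBlockDecrypt(ct, bp)
	return err != nil, err == nil && bytes.Equal(pt, plaintext), nil
}

func main() {
	d, i := cbcTamper(demoBlock)
	fmt.Printf("sector-level CBC, no MAC : detected=%v intact=%v\n", d, i)
	d, i, err := gcmTamper(demoBlock)
	fmt.Printf("in-filesystem GCM + ptr  : detected=%v intact=%v err=%v\n", d, i, err)
}
```

Run with `go run`. The CBC line reports detected=false intact=false: the flipped bit silently corrupts the decrypted sector and nothing in the design can say so. The GCM line reports detected=true intact=false: the ciphertext hash in the block pointer rejects the block before GCM is even consulted, and changing the IV in the pointer instead (where the ciphertext hash still matches) is caught by the 16-byte tag. The price is the metadata that must live somewhere outside the data block, which is exactly what a fixed-size sector cannot offer.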