----- Original Message ----- From: "Morlock Elloi" <[EMAIL PROTECTED]> > > There's no need to go to great lengths to find a place to store the IV. > > Wouldn't it be much simpler (having in mind the low cost of storage), to simply > append several random bits to the plaintext before ECB encrypton and discard > them upon decryption ? > > For, say, 128-bit block cipher and 16-bit padding (112-bit plaintext and 16-bit > random fill) the storage requirement is increased 14% but each block is > completely independent, no IV is used at all, and as far as I can see all > pitfails of ECB are done away with.
The bigger problem is that you're cutting drive performance by 14%, considering that people notice a matter of < 10%, people are going to complain, and economically this will be a flop. A drive setup like this would be worse than useless, it would give the impression that encryption must come at the cost of speed. Designing this into a current system would set the goal of encryption everywhere back. > Probability of the same plaintext encrypting to the same cyphertext is 1 in > 65536. Which is no where near useful. 1 in 65536 is trivial in cryptographic terms, especially when compared to 1 in approx 340000000000000000000000000000000000000. Additionally you'll be sacrificing _more_ of the sector to what amount to IV, and in exchange you'll be decreasing security. If instead in that 512KB block you take up 128 bits, you'll only lose about 0.02% performance and we were already trying to avoid that (although for other reasons). Joe