RE: disk encryption modes----- Original Message -----
From: [EMAIL PROTECTED]
> The main feature I was going for was the ability to give a semi-trusted
third party
> out of the reach of your local men-with-guns the ability to irrevocably
destroy your
> data in an emergency, without giving the third party any of your actual
data.
But all you did was add another point of failure.
> If the "I need you to destroy the keyfile NOW" signal was automatically
sent to the
> third party after N failed login attempts by the encryption driver (by
writing a
> pre-arranged random value to a pre-arranged random section of the key
file) you
> wouldn't even have to be conscious.
Do you really think they'd access your computer in place? Instead they'd
move it to a secure location, where it couldn't touch the outside world,
they'd tear out your driver, put in their own, and poof not only can it not
talk, it has a new brain.
> I think it could be done reasonably reliably without a noticeable
performance hit.
Not likely. You're slowing the system down at several critical points:
1) Random number generation
This is a very expensive operation to get right under most
constraints, so it'll noticably slow the performance of writing a sector
2) Cipher keying
All the other suggestions have required keying a cipher once and
only once, yours requires keying it every 4096KB of write. Since keying a
cipher is generally one of the worst thigns you could do (very often more
expensive than encrypting), you're introducing a critical slow-down
3) writing to the storage medium
You've apparently forgotten that there is only one bus.
You write to the hard drive, it spools
then you write to the flash RAM, it doesn't spool, and can
take significantly longer, especially if you have to do any searching
These will result in an enormous slowdown to the speed of the system.
> One real-world application that comes to mind for this idea is encryption
for a corporate laptop computer.
Not in any company I know of, the goal of any reasonably run company is to
make as much profit as possible. That means that wasteful spending on flash
RAM modules that only serve to add an additional point of failure to the
system.
Joe
