----- Original Message -----
From: "Bill Stewart" <[EMAIL PROTECTED]>

> I've been thinking about a somewhat different but related problem lately,
> which is encrypted disk drives.  You could encrypt each block of the disk
> with a block cypher using the same key (presumably in CBC or some similar
> mode),
> but that just feels weak.

Why does it feel weak? CBC is provably as secure as the block cipher (when
used properly), and a disk drive is really no different from many others. Of
course you have to perform various gyrations to synchronise everything
correctly, but it's doable.

> So you need some kind of generator of pretty-random-looking keys so that
> each block of the disk gets a different key, or at the very least a
> different IV for each block of the disk, so in some sense that's a PRNG.
> (You definitely need a different key for each block if you're using RC4,
> but that's only usable for Write-Once media, i.e. boring.)
> Obviously you need repeatability, so you can't use a real random number
> generator.

Well, it's not all that complicated. Take that same key and encrypt the disk
block number, or address, or anything else. This becomes completely redoable
(or, if you're willing to sacrifice a small portion of each block, you can
even explicitly store the IV).

> I've been thinking that Counter Mode AES sounds good, since it's easy
> to find the key for a specific block.  Would it be good enough just to use
>          Hash( (Hash(Key, block# ))
> or some similar function instead of a more conventional crypto function?

Not really, you'd have to change the key every time you write to disk, not
exactly a good idea; it makes key distribution a nightmare. Stick with CBC
for disk encryption.
                    Joe
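As an added illustration of the scheme Joe describes (not code from either poster), the following Go program derives each sector's CBC IV by encrypting the sector number under the disk key and encrypts whole sectors with it. The 512-byte sector size, the AES-256 key and the sample data are assumptions constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// sectorSize is assumed: 512-byte sectors, a whole number of AES blocks,
// so CBC needs no padding.
const sectorSize = 512

// sectorIV derives the IV for one sector by encrypting the sector number
// under the disk key. It is reproducible from the address alone, so nothing
// extra is stored; rewriting identical plaintext to the same sector
// therefore yields identical ciphertext, visible to anyone watching the disk.
func sectorIV(block cipher.Block, sector uint64) []byte {
	iv := make([]byte, block.BlockSize())
	binary.BigEndian.PutUint64(iv[block.BlockSize()-8:], sector)
	block.Encrypt(iv, iv)
	return iv
}

// encryptSector CBC-encrypts one sector under its derived IV.
func encryptSector(block cipher.Block, sector uint64, plain []byte) []byte {
	out := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, sectorIV(block, sector)).CryptBlocks(out, plain)
	return out
}

// decryptSector reverses encryptSector; only the sector number is needed.
func decryptSector(block cipher.Block, sector uint64, ct []byte) []byte {
	out := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, sectorIV(block, sector)).CryptBlocks(out, ct)
	return out
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key, not a real secret
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	plain := bytes.Repeat([]byte("A"), sectorSize) // same data written to two sectors
	c0, c1 := encryptSector(block, 0, plain), encryptSector(block, 1, plain)
	fmt.Println("ciphertexts differ across sectors:", !bytes.Equal(c0, c1))
	fmt.Println("round trip ok:", bytes.Equal(decryptSector(block, 0, c0), plain))
}
```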
