----- Original Message ----- From: "Bill Stewart" <[EMAIL PROTECTED]>
> I've been thinking about a somewhat different but related problem lately,
> which is encrypted disk drives. You could encrypt each block of the disk
> with a block cypher using the same key (presumably in CBC or some similar
> mode),
> but that just feels weak.

Why does it feel weak? CBC is provably as secure as the block cipher (when used properly), and a disk drive is really no different from many others. Of course you have to perform various gyrations to synchronise everything correctly, but it's doable.

> So you need some kind of generator of
> pretty-random-looking keys so that each block of the disk gets a different key,
> or at the very least a different IV for each block of the disk,
> so in some sense that's a PRNG. (You definitely need a different key for each
> block if you're using RC4, but that's only usable for Write-Once media,
> i.e. boring.)
> Obviously you need repeatability, so you can't use a real random number
> generator.

Well, it's not all that complicated. Take that same key, and encrypt the disk block number, or address, or anything else. This becomes completely redoable (or, if you're willing to sacrifice a small portion of each block, you can even explicitly store the IV).

> I've been thinking that Counter Mode AES sounds good, since it's easy
> to find the key for a specific block. Would it be good enough just to use
> Hash( (Hash(Key, block# ))
> or some similar function instead of a more conventional crypto function?

Not really; you'd have to change the key every time you write to disk, not exactly a good idea, it makes key distribution a nightmare. Stick with CBC for disk encryption.

Joe
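The per-block IV derivation Joe describes (encrypt the block number under the same key, then run CBC over the block with that IV) as an added, runnable illustration; this is example code written for this page, not code from either poster. It assumes AES-256, 512-byte sectors, a little-endian 64-bit sector number as the IV input, and a constructed demo key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const sectorSize = 512 // assumed sector length; must be a multiple of the AES block size

// sectorIV derives a repeatable per-sector IV by encrypting the sector
// number under the same key used for the data, as described in the reply.
func sectorIV(block cipher.Block, sector uint64) []byte {
	iv := make([]byte, block.BlockSize())
	binary.LittleEndian.PutUint64(iv, sector) // remaining bytes stay zero
	block.Encrypt(iv, iv)
	return iv
}

// encryptSector CBC-encrypts one full sector with its derived IV.
func encryptSector(key []byte, sector uint64, plain []byte) ([]byte, error) {
	if len(plain) != sectorSize {
		return nil, fmt.Errorf("sector must be %d bytes, got %d", sectorSize, len(plain))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, sectorSize)
	cipher.NewCBCEncrypter(block, sectorIV(block, sector)).CryptBlocks(out, plain)
	return out, nil
}

// decryptSector reverses encryptSector; the IV is recomputed, never stored.
func decryptSector(key []byte, sector uint64, ct []byte) ([]byte, error) {
	if len(ct) != sectorSize {
		return nil, fmt.Errorf("sector must be %d bytes, got %d", sectorSize, len(ct))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, sectorSize)
	cipher.NewCBCDecrypter(block, sectorIV(block, sector)).CryptBlocks(out, ct)
	return out, nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32)         // constructed demo key, not for real use
	plain := bytes.Repeat([]byte{0xAB}, sectorSize) // constructed sector contents
	c0, _ := encryptSector(key, 0, plain)
	c1, _ := encryptSector(key, 1, plain)
	d0, _ := decryptSector(key, 0, c0)
	fmt.Println("identical sectors differ:", !bytes.Equal(c0, c1), "round trip:", bytes.Equal(d0, plain))
}
```

The two sectors holding identical data encrypt to different ciphertext, which is exactly what a single fixed IV would fail to provide. Production disk encryption refines this idea further (hashing the key before deriving the IV, or using a dedicated sector mode), so treat the block as an illustration of the derivation under discussion rather than a finished design.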