> the drive must not return any data if the wrong key is given. Not being funny, but how does the drive know if the key it is given is wrong? Either
(a) it keeps a copy of the key internally (easy to hack), or (b) it encrypts a special string and keeps that internally (in flash or on media), or (c) it must add a crpytographically safe integrity field computed over the plaintext on each sector to tell if it has been decrypted correctly. This is just like adding authentication, and will add overhead. It's probably not possible to rely on CRC because that isn't always there (vendor specific additional sector information). I presume the only sensible method is (b)? Colin.