>>how does the drive know if the key it is given is wrong? There are other options, too. For example, a secure hash of the key could be stored in the drive for each key scope (a contiguous LBA range). Alternatively, a public key MAC. This later method has the advantage that an attacker cannot replace it arbitrarily, even if he rips up the drive.
It is possible to store a disk key in the drive, which is hard to hack. It could be in some nonvolatile memory integrated with the crypto engine. To get it, you have to get inside of a 65 130 nm integrated circuit, use microelectrodes and try not to damage the circuit. A very expensive and slow process, which uncovers some secrets for only one drive. Nevertheless, storing all the keys on disk is not the best solution. Laszlo > -------- Original Message -------- > Subject: RE: wrong key behaviour > From: "Colin Sinclair" <[EMAIL PROTECTED]> > Date: Wed, December 21, 2005 12:04 pm > To: "SISWG" <[EMAIL PROTECTED]> > > > the drive must not return any data if the wrong key is given. > > Not being funny, but how does the drive know if the key it is given is wrong? > Either > > (a) it keeps a copy of the key internally (easy to hack), or > > (b) it encrypts a special string and keeps that internally (in flash or on > media), or > > (c) it must add a crpytographically safe integrity field computed over the > plaintext on each sector > to tell if it has been decrypted correctly. This is just like adding > authentication, and will add > overhead. It's probably not possible to rely on CRC because that isn't always > there (vendor specific > additional sector information). > > I presume the only sensible method is (b)? > > Colin.
