>>>standardizing something we would never use I meant a standard, which would turn out to require expensive licensing. Nobody could assure us it won't happen with EME or XCB. LRW is royalty free, so I don't see a problem with it. If somebody wants to use it in an insecure way, is also not my concern, as long as the text of the standard (or an accompanying document) warns about the dangers.
Proposing something Seagate has an IP claim on, would not sound fair, either. Furthermore, I have to wait until our disclosures are filed at the patent office, otherwise we would loose overseas rights. Laszlo > -------- Original Message -------- > Subject: Re: wrong key behaviour > From: james hughes <[EMAIL PROTECTED]> > Date: Fri, December 23, 2005 2:10 pm > To: [EMAIL PROTECTED] > Cc: james hughes <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > > On Dec 22, 2005, at 11:04 PM, [EMAIL PROTECTED] wrote: > > >>> the difference [between LRW and EME] is the level of granularity. > > With 4KB LBA's the difference in granularity is 256 fold, not a > > trivial > > amount. > > On this you and I agree. When the decision was made to shelve EME a > 4k sector was not as assumed as it is now. > > > There are other alternatives, too, which > > are much better in this regard. I do not insist on reviving EME, > > I am excited that a 4k "EME like" algorithm (I seem to recall that > there were 2 proposed in addition to EME that were either royalty > free or claim to donate the IP to the standard). I very much > recommend that you work with on this idea and bring a proposal. The > requirements are that the mode be written up, a sketch of a proof > (that needs to be completed and published at a tier 1 conference), > test vectors and IP statement citing prior art. Sample code is a > definite plus. > > I would like to hear a consensus from the other members that a new > PAR P1619a for large block encryption would be warranted? My vote is > yes. > > > why should we spend our time on > > standardizing something we would never use? > > By "we" you mean Seagate/Maxtor? There are others in this community > that are implementing LRW that believe that the traffic analysis > vulnerability of LRW is OK. > > We (the cumulative P1619 based on several group votes) are working on > LRW -because- it is the lightest weight thing that we could do. If > you believe there is a mode that is lower weight then (I don't think > I am being presumptuous in suggesting that) we are all ears. > > Thanks > > jim
