Re: Hard Drive Destruct System?
From: Casper H.S. Dik (Casper.Dik_at_Sun.COM)
Date: 11/28/04
- Next message: Robert McClenon: "Re: Deleting Troublesome Adware"
- Previous message: Casper H.S. ***: "Re: Hard Drive Destruct System?"
- In reply to: Walter Roberson: "Re: Hard Drive Destruct System?"
- Next in thread: Walter Roberson: "Re: Hard Drive Destruct System?"
- Reply: Walter Roberson: "Re: Hard Drive Destruct System?"
Date: 28 Nov 2004 13:18:21 GMT
roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) writes:
>|Offhand I can't see any problem with en/decrypting data in 512 byte
>|blocks as sectors are read/written to disk.
>If you are using the same key each time, that scheme would suffer
>a lot from "known plaintext" attacks. For example,
>All blocks of NULLs would encrypt exactly the same way, and
>the first 64 bytes of most non-text files would be relatively
>consistent amongst filetypes, allowing you a fairly good idea
>of what kind of file something was without decrypting it.
Right; but for random access disks "CBC" mode is not possible
unless you can be sure that all accesses will be of equal size
and on the appropriate boundaries. Or you would need to reset the
IV every 512 bytes (which still doesn't help much).
AES CTR (counter) mode is much more promising; this basically turns
AES into a Random number generator with a different random number
for each encrypted block:
Encrypt(Key, Nonce + Counter) Xor^ Plaintext
where Nonce is a random but fixed number and Counter is the block
index (block cipher blocks, not disk blocks)
Casper
-- Expressed in this posting are my opinions. They are in no way related to opinions held by my employer, Sun Microsystems. Statements on Sun products included here are not gospel and may be fiction rather than truth.
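Added example, not part of the original post: a sketch comparing same-key per-block encryption of a 512-byte sector of NULs with the counter-mode scheme described above, where the counter is the absolute cipher-block index on the disk. Assumptions: `E` is HMAC-SHA256 truncated to 16 bytes standing in for AES block encryption (so `ecb_like` only shows determinism and is not decryptable), "Nonce + Counter" is read as concatenation of an 8-byte nonce and an 8-byte counter, and the key, nonce and sector numbers are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16    # cipher block size in bytes (AES block size)
SECTOR = 512  # disk sector size discussed in the thread

def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES block encryption (assumption): truncated HMAC-SHA256."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def ecb_like(key: bytes, data: bytes) -> bytes:
    """Same key, no position input: equal plaintext blocks give equal output."""
    return b"".join(E(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

def ctr_sector(key: bytes, nonce: bytes, sector_no: int, data: bytes) -> bytes:
    """Encrypt or decrypt one sector; counter = absolute cipher-block index."""
    first = sector_no * (SECTOR // BLOCK)
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        counter = (first + i // BLOCK).to_bytes(8, "big")
        keystream = E(key, nonce + counter)
        out += bytes(p ^ k for p, k in zip(data[i:i + BLOCK], keystream))
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def demo():
    key, nonce = b"K" * 16, b"N" * 8   # constructed sample values
    zeros = bytes(SECTOR)              # a sector of NULs
    e = ecb_like(key, zeros)
    ecb_repeats = len({e[i:i + BLOCK] for i in range(0, SECTOR, BLOCK)}) == 1
    c5 = ctr_sector(key, nonce, 5, zeros)
    c9 = ctr_sector(key, nonce, 9, zeros)
    blocks = {c[i:i + BLOCK] for c in (c5, c9) for i in range(0, SECTOR, BLOCK)}
    ctr_distinct = len(blocks) == 2 * (SECTOR // BLOCK)
    # Sector 9 decrypts on its own, without touching any other sector.
    random_access = ctr_sector(key, nonce, 9, c9) == zeros
    # Caveat: rewriting sector 5 reuses the same nonce and counters, so the
    # XOR of old and new ciphertext equals the XOR of old and new plaintext.
    new = b"A" * SECTOR
    rewrite_leak = xor(c5, ctr_sector(key, nonce, 5, new)) == xor(zeros, new)
    return ecb_repeats, ctr_distinct, random_access, rewrite_leak

if __name__ == "__main__":
    print(demo())
```

`demo()` returns four booleans: NUL blocks repeat under same-key per-block encryption, all counter-mode blocks differ, a single sector decrypts independently, and an in-place rewrite under a fixed nonce exposes the XOR of the two plaintexts.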