1993-06-01 - Re: Crypto anarchy in a VW? (not the bug)

Header Data

From: RYAN Alan Porter <ryan@rtfm.mlb.fl.us>
To: Eric Hughes <hughes@soda.berkeley.edu>
Message Hash: 68fe3b2cb5e059919aaee45dc7f91596a3b7e28ebbf29bd946935f55f152b8a1
Message ID: <Pine.3.03.9306011501.A4936-b100000@rtfm>
Reply To: <9306011820.AA21028@soda.berkeley.edu>
UTC Datetime: 1993-06-01 19:33:23 UTC
Raw Date: Tue, 1 Jun 93 12:33:23 PDT

Raw message

From: RYAN Alan Porter <ryan@rtfm.mlb.fl.us>
Date: Tue, 1 Jun 93 12:33:23 PDT
To: Eric Hughes <hughes@soda.berkeley.edu>
Subject: Re: Crypto anarchy in a VW? (not the bug)
In-Reply-To: <9306011820.AA21028@soda.berkeley.edu>
Message-ID: <Pine.3.03.9306011501.A4936-b100000@rtfm>
MIME-Version: 1.0
Content-Type: text/plain




On Tue, 1 Jun 1993, Eric Hughes wrote:

> >   The actual file encryption/decryption
> >must be done in hardware if you want to have any sort of speed at all.
>
> Please, everyone who is working on this, remember.  You can't do hard
> disk encryption in software on the host CPU.  Thanks to Jim for
> reminding me to stress this.

Well thanks for the advice, but you fergot to mention why...

> >Lacking an available IDEA chip I will have to use
> >DES (multi-pass or some other variant to get around the limits on DES
> >keyspace) in order to get the necessary throughput on the disk.
>
> DES hardware is already available and tested.  Use it.  Use a
> triple-keyed EDE version of DES. 
>
> Is someone selling a raw DES chip on an ISA card?  If so, use that so
> that others don't have to hack together their own hardware.

I would be very interested in a card like this, if anyone can find one.

> >Such a system would not be completely secure but would provide some
> >protection for files, which is more than they get now...
>
> The keying material for the disk should not be one key for the whole
> disk.  The keying material could easily be one key per track without
> the keys growing too large.
>
> Ideally this keying material would be held on a removable PCMCIA card
> and would talk directly to the device encryptor hardware with a
> protected channel.  That will have to wait.

Another possibility until then, and one that would be fun for people who
like to play with EPROMS, is a card that had a cable leading to an external
EPROM socket that you could lay on your desk or on top of the case or 
wherever.  You burn your keys for the HD into a chip and use it as a key,
physically inserting the chip in the socket each time.  There are lots 
on new ways to make chips easy to plug in and out, I'm sure it wouldn't 
be too hard.

I still don't see why all of the actual encryption couldn't be done in 
software though...

> Eric


-Ryan
the Bit Wallah









Thread