disk encryption

You need to filter the read and write IRPs and the Device control IRPs, given that using pass-through on XP SP2, I can read and write anything that I want, on either SCSI or ATA/IDE interfaces, given that I am logged in as admin. On XP SP1 and below this might not be as critical since pass-through for ATA/IDE was more limited in scope than it is in Server 2003 or XP XP2. Basically it was “broken” in SP1 and fixed in SP2.

But this still will not deny access to the thief that can transfer the encrypted drive to another machine where they then can do what is needed to break the encryption. The hole in the plan to encrypt a disc using runtime software is that access can only be denied while that software is running. Run another OS, or disable the encrypting software, and whoever you were attempting to deny access to now has access. All that is needed is a bit of time and the proper tools.

–
The personal opinion of
Gary G. Little

PS: Maybe I’m simply being a curmudgeon, but I certainly would appreciate you removing the bovine scatology at the end of your posts. I do not like the advertisement and if the info in your email is confidential you should NOT be posting it here in the first place. The assumption is that if its in a public forum it’s public domain.
“Amitrajit Banerjee.” wrote in message news:xxxxx@ntdev…

hey ppl,

if i want to encrypt all content of a disk, sector wise, I believe i need to write a driver that attaches itself to disk.sys.

Exactly which all IRPs I need to trap and monitor? Ofcourse, I need to decrypt the disk also. Forget complexities regarding boot time decryptions. Just tell me the IRPS I need to monitor.

regards
amitr0

Note:-
1) Spelling Mistakes and Grammatical Errors, If Any, Are Regretted.
2) Kindly Acknowledge This Mail At The Earliest.
3) This E-Mail Might contain Confidential information. If You Are Not Entitled
To View it, Please Delete The Message Immediately And Inform Me.
Thanking You,
Amitrajit Banerjee.

Gary,

“… The hole in the plan to encrypt a disc using runtime software is that
access can only be denied while that software is running.”

The idea is not to deny acccess, but to enable transparent en/decyrption
and by this allow access.
And I’d be very interested in the tool that successfully opened an
encrypted disk plugged into another system,
not knowing the password to open the disk, and maybe not even knowing the
algorithm used.

Regards
Else

“Gary G. Little”
To: “Windows System Software Devs Interest List”
Sent by: cc:
bounce-211622-16691@li Subject: Re:[ntdev] disk encryption (Unsigned Mail)
sts.osr.com

06/10/2005 06:47 PM
Please respond to
“Windows System
Software Devs Interest
List”

You need to filter the read and write IRPs and the Device control IRPs,
given that using pass-through on XP SP2, I can read and write anything that
I want, on either SCSI or ATA/IDE interfaces, given that I am logged in as
admin. On XP SP1 and below this might not be as critical since pass-through
for ATA/IDE was more limited in scope than it is in Server 2003 or XP XP2.
Basically it was “broken” in SP1 and fixed in SP2.

But this still will not deny access to the thief that can transfer the
encrypted drive to another machine where they then can do what is needed to
break the encryption. The hole in the plan to encrypt a disc using runtime
software is that access can only be denied while that software is running.
Run another OS, or disable the encrypting software, and whoever you were
attempting to deny access to now has access. All that is needed is a bit of
time and the proper tools.

–
The personal opinion of
Gary G. Little

PS: Maybe I’m simply being a curmudgeon, but I certainly would appreciate
you removing the bovine scatology at the end of your posts. I do not like
the advertisement and if the info in your email is confidential you should
NOT be posting it here in the first place. The assumption is that if its in
a public forum it’s public domain.
“Amitrajit Banerjee.” wrote in message
news:xxxxx@ntdev…

hey ppl,

if i want to encrypt all content of a disk, sector wise, I believe i need
to write a driver that attaches itself to disk.sys.

Exactly which all IRPs I need to trap and monitor? Ofcourse, I need to
decrypt the disk also. Forget complexities regarding boot time
decryptions. Just tell me the IRPS I need to monitor.

regards
amitr0

Note:-
1) Spelling Mistakes and Grammatical Errors, If Any, Are Regretted.
2) Kindly Acknowledge This Mail At The Earliest.
3) This E-Mail Might contain Confidential information. If You Are Not
Entitled
To View it, Please Delete The Message Immediately And Inform Me.
Thanking You,
Amitrajit Banerjee.

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

The problem is that a software solution does NOT provide you 100% encryption
on an HDD. There is still a lot of information that can be extracted from a
disc using forensic tools that are openly available. A simple pass through
command can kick any HDD into a diagnostic mode. What kind of information
can be extracted from the ensuing diagnostic logs? Most likely more than you
want your encrypted HDD to reveal. How much overhead information is written
to the disc in header and trailer portions of a sector? Header and trailer
information of a physical sector on disc can be as large as 128 bytes, and
since that is managed by the firmware on the disc, your software won’t
en/decrypt it. Do you or do you not want the bad guy to have access to that
info, from which they could conveniently

“Else Kluger” wrote in message news:xxxxx@ntdev…
> Gary,
>
> “… The hole in the plan to encrypt a disc using runtime software is that
> access can only be denied while that software is running.”
>
> The idea is not to deny acccess, but to enable transparent en/decyrption
> and by this allow access.
> And I’d be very interested in the tool that successfully opened an
> encrypted disk plugged into another system,
> not knowing the password to open the disk, and maybe not even knowing the
> algorithm used.
>
> Regards
> Else
>
>
>
>
>
> “Gary G. Little”
> To: “Windows
> System Software Devs Interest List”
> Sent by: cc:
> bounce-211622-16691@li Subject: Re:[ntdev]
> disk encryption (Unsigned Mail)
> sts.osr.com
>
>
> 06/10/2005 06:47 PM
> Please respond to
> “Windows System
> Software Devs Interest
> List”
>
>
>
>
>
> You need to filter the read and write IRPs and the Device control IRPs,
> given that using pass-through on XP SP2, I can read and write anything
> that
> I want, on either SCSI or ATA/IDE interfaces, given that I am logged in as
> admin. On XP SP1 and below this might not be as critical since
> pass-through
> for ATA/IDE was more limited in scope than it is in Server 2003 or XP XP2.
> Basically it was “broken” in SP1 and fixed in SP2.
>
> But this still will not deny access to the thief that can transfer the
> encrypted drive to another machine where they then can do what is needed
> to
> break the encryption. The hole in the plan to encrypt a disc using runtime
> software is that access can only be denied while that software is running.
> Run another OS, or disable the encrypting software, and whoever you were
> attempting to deny access to now has access. All that is needed is a bit
> of
> time and the proper tools.
>
> –
> The personal opinion of
> Gary G. Little
>
> PS: Maybe I’m simply being a curmudgeon, but I certainly would appreciate
> you removing the bovine scatology at the end of your posts. I do not like
> the advertisement and if the info in your email is confidential you should
> NOT be posting it here in the first place. The assumption is that if its
> in
> a public forum it’s public domain.
> “Amitrajit Banerjee.” wrote in message
> news:xxxxx@ntdev…
>
>
>
>
> hey ppl,
>
> if i want to encrypt all content of a disk, sector wise, I believe i need
> to write a driver that attaches itself to disk.sys.
>
> Exactly which all IRPs I need to trap and monitor? Ofcourse, I need to
> decrypt the disk also. Forget complexities regarding boot time
> decryptions. Just tell me the IRPS I need to monitor.
>
> regards
> amitr0
>
>
> Note:-
> 1) Spelling Mistakes and Grammatical Errors, If Any, Are Regretted.
> 2) Kindly Acknowledge This Mail At The Earliest.
> 3) This E-Mail Might contain Confidential information. If You Are Not
> Entitled
> To View it, Please Delete The Message Immediately And Inform Me.
> Thanking You,
> Amitrajit Banerjee.
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

The problem is that a software solution does NOT provide you 100% encryption
on an HDD. There is still a lot of information that can be extracted from a
disc
using forensic tools that are openly available.

A simple pass through command can kick any HDD into a diagnostic mode. What
kind of information can be extracted from the ensuing diagnostic logs?
Possibly
more than you want your encrypted HDD to reveal. Since that info is derived
and written to the disc via the onboard logic of the disc, your driver,
sitting
miles away in the storage stack will never even see it, let alone encrypt
it.

What information can I get if I simply force a BSOD and then start analyzing
the
resulting dump? Will your driver encrypt the dump? Is it encrypting the
backing
store used by the OS for paging operations?

Granted, we are not talking about your average run of the mill interloper
here.
We are talking about someone with some serious skills and serious technology
that they can bring to bear on the laptop that was just ripped off from
Widgets,
Inc. How much information can they derive by simply analyzing patterns, or
looking
for ASCII strings, or date/time stamps? A purely software solution may not
effectively prevent that kind of data mining.

–
The personal opinion of
Gary G. Little

“Else Kluger” wrote in message news:xxxxx@ntdev…
> Gary,
>
> “… The hole in the plan to encrypt a disc using runtime software is that
> access can only be denied while that software is running.”
>
> The idea is not to deny acccess, but to enable transparent en/decyrption
> and by this allow access.
> And I’d be very interested in the tool that successfully opened an
> encrypted disk plugged into another system,
> not knowing the password to open the disk, and maybe not even knowing the
> algorithm used.
>
> Regards
> Else
>
>
>
>
>
> “Gary G. Little”
> To: “Windows
> System Software Devs Interest List”
> Sent by: cc:
> bounce-211622-16691@li Subject: Re:[ntdev]
> disk encryption (Unsigned Mail)
> sts.osr.com
>
>
> 06/10/2005 06:47 PM
> Please respond to
> “Windows System
> Software Devs Interest
> List”
>
>
>
>
>
> You need to filter the read and write IRPs and the Device control IRPs,
> given that using pass-through on XP SP2, I can read and write anything
> that
> I want, on either SCSI or ATA/IDE interfaces, given that I am logged in as
> admin. On XP SP1 and below this might not be as critical since
> pass-through
> for ATA/IDE was more limited in scope than it is in Server 2003 or XP XP2.
> Basically it was “broken” in SP1 and fixed in SP2.
>
> But this still will not deny access to the thief that can transfer the
> encrypted drive to another machine where they then can do what is needed
> to
> break the encryption. The hole in the plan to encrypt a disc using runtime
> software is that access can only be denied while that software is running.
> Run another OS, or disable the encrypting software, and whoever you were
> attempting to deny access to now has access. All that is needed is a bit
> of
> time and the proper tools.
>
> –
> The personal opinion of
> Gary G. Little
>
> PS: Maybe I’m simply being a curmudgeon, but I certainly would appreciate
> you removing the bovine scatology at the end of your posts. I do not like
> the advertisement and if the info in your email is confidential you should
> NOT be posting it here in the first place. The assumption is that if its
> in
> a public forum it’s public domain.
> “Amitrajit Banerjee.” wrote in message
> news:xxxxx@ntdev…
>
>
>
>
> hey ppl,
>
> if i want to encrypt all content of a disk, sector wise, I believe i need
> to write a driver that attaches itself to disk.sys.
>
> Exactly which all IRPs I need to trap and monitor? Ofcourse, I need to
> decrypt the disk also. Forget complexities regarding boot time
> decryptions. Just tell me the IRPS I need to monitor.
>
> regards
> amitr0
>
>
> Note:-
> 1) Spelling Mistakes and Grammatical Errors, If Any, Are Regretted.
> 2) Kindly Acknowledge This Mail At The Earliest.
> 3) This E-Mail Might contain Confidential information. If You Are Not
> Entitled
> To View it, Please Delete The Message Immediately And Inform Me.
> Thanking You,
> Amitrajit Banerjee.
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

> ----------

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Gary G. Little[SMTP:glittle@mn.rr.com]
Reply To: Windows System Software Devs Interest List
Sent: Monday, June 13, 2005 4:37 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Re:disk encryption

The problem is that a software solution does NOT provide you 100% encryption
on an HDD. There is still a lot of information that can be extracted from a
disc using forensic tools that are openly available. A simple pass through
command can kick any HDD into a diagnostic mode. What kind of information
can be extracted from the ensuing diagnostic logs? Most likely more than you
want your encrypted HDD to reveal. How much overhead information is written
to the disc in header and trailer portions of a sector? Header and trailer
information of a physical sector on disc can be as large as 128 bytes, and
since that is managed by the firmware on the disc, your software won’t
en/decrypt it. Do you or do you not want the bad guy to have access to that
info, from which they could conveniently

What could they do? Do you want to say overhead info contains something related to stored data contents? Even if it is a case, it won’t be a problem is disk driver stores only encrypted data and everything including pagefile is encrypted. Encryption in firmware may be a good idea but I don’t see how it is related to data safety. Encryption is as strong as encryption algorithm used if there isn’t something weak in implementation and if software ensures whole disk is encrypted, there is no real difference.

BTW, from where gets firmware the encryption key?

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

Actually there are couple things –

1. Hacker would first try to get the key. Easy enough !!

2. If (1) is difficult, then (s)he would try to play with the encripted data
   to comeup with something that would lead to plain txt (stream ). Reversing !

Firmware based implementation try to hide the key in some places ( … )
that only firmware has access of. Also user/psw. Detail should be avoided
here !!!

-pro

----- Original Message -----
From: “Michal Vodicka”
To: “Windows System Software Devs Interest List”
Sent: Monday, June 13, 2005 10:56 AM
Subject: RE: [ntdev] Re:disk encryption

> ----------
> From:
xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on
behalf of Gary G. Little[SMTP:glittle@mn.rr.com]
> Reply To: Windows System Software Devs Interest List
> Sent: Monday, June 13, 2005 4:37 PM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] Re:disk encryption
>
> The problem is that a software solution does NOT provide you 100%
encryption
> on an HDD. There is still a lot of information that can be extracted from
a
> disc using forensic tools that are openly available. A simple pass through
> command can kick any HDD into a diagnostic mode. What kind of information
> can be extracted from the ensuing diagnostic logs? Most likely more than
you
> want your encrypted HDD to reveal. How much overhead information is
written
> to the disc in header and trailer portions of a sector? Header and trailer
> information of a physical sector on disc can be as large as 128 bytes, and
> since that is managed by the firmware on the disc, your software won’t
> en/decrypt it. Do you or do you not want the bad guy to have access to
that
> info, from which they could conveniently
>
What could they do? Do you want to say overhead info contains something
related to stored data contents? Even if it is a case, it won’t be a problem
is disk driver stores only encrypted data and everything including pagefile
is encrypted. Encryption in firmware may be a good idea but I don’t see how
it is related to data safety. Encryption is as strong as encryption
algorithm used if there isn’t something weak in implementation and if
software ensures whole disk is encrypted, there is no real difference.

BTW, from where gets firmware the encryption key?

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

> ----------

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Prokash Sinha[SMTP:xxxxx@garlic.com]
Reply To: Windows System Software Devs Interest List
Sent: Monday, June 13, 2005 8:36 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Re:disk encryption

Firmware based implementation try to hide the key in some places ( … )
that only firmware has access of. Also user/psw. Detail should be avoided
here !!!

Nope. Proper implementation must not store encryption key anywhere. If it does, it is broken and hiding details is just security obscurity. That’s why I’m asking.

Encryption key can be derived some way from data only user knows, for example from password. Then it is necessary to check if key is correct; for example decrypt some part of encrypted data, generate hash and compare with stored one. But there must be no way how to get key without user data. If firmware can do it, hacker can, too.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

Prokash Sinha wrote:

Actually there are couple things –

1. Hacker would first try to get the key. Easy enough !!

2. If (1) is difficult, then (s)he would try to play with the encripted data
   to comeup with something that would lead to plain txt (stream ). Reversing !

Firmware based implementation try to hide the key in some places ( … )
that only firmware has access of. Also user/psw. Detail should be avoided
here !!!

Security that depends on the secrecy of the algorithm is no security at all.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

First that is the way lot of implementation(s) are -.

1. When using password ? Use it for what ? There are thoughts that even make
   some transformation(s) on usr/psw and use that as encryption. So there is
   the bootstrap and what is that?. That is usr/psw. And where do we keep these
   ?. How much is the exposure window from when an usr types ( assuming no-one
   in around and some trojan(s) playing its role ) to actually goes to the
   firmware level and/or before it is already hashed ? — SURE THOSE ARE THE
   DETAIL(S)…

2. The best we could do is to apply one-way hash for encryption etc. Where
   prob(collison ) is almost zero. But in order to use that, somewhere someone
   has to use those usr/psw or some combination …

IN ESSENCE, WE ARE INDIRECTING, from one level to another. But in most cases
something/somewhere has to bootstrap this whole implementation(s).

Nothing is really totally secured when a total implementation is under
analysis !!!

My point was that with firmware implementation some of the bits stored for
different things are almost impossible to retrieve. Or at least not so
easily. On the otherhand, software based implementation(s) has an window
that is recurring, firmware based can avoid that.

Note one-way hash being not reversable, does not mean that there is a
probabliity that one can get to it ( collision effect ).

Yes in theory, security by obscurity is no security. In practice you really
want to minimize the window ( in time as well as in space ).

-pro

----- Original Message -----
From: “Michal Vodicka”
To: “Windows System Software Devs Interest List”
Sent: Monday, June 13, 2005 11:47 AM
Subject: RE: [ntdev] Re:disk encryption

> ----------
> From:
xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on
behalf of Prokash Sinha[SMTP:xxxxx@garlic.com]
> Reply To: Windows System Software Devs Interest List
> Sent: Monday, June 13, 2005 8:36 PM
> To: Windows System Software Devs Interest List
> Subject: Re: [ntdev] Re:disk encryption
>
> Firmware based implementation try to hide the key in some places ( … )
> that only firmware has access of. Also user/psw. Detail should be avoided
> here !!!
>
Nope. Proper implementation must not store encryption key anywhere. If it
does, it is broken and hiding details is just security obscurity. That’s why
I’m asking.

Encryption key can be derived some way from data only user knows, for
example from password. Then it is necessary to check if key is correct; for
example decrypt some part of encrypted data, generate hash and compare with
stored one. But there must be no way how to get key without user data. If
firmware can do it, hacker can, too.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Sorry for some typos . I meant to say that even if we use one-way hash (
primarly based on primality, hence difficult to factor ) there is always a
probability from the cryto-analytic point of view to hit the home run !!!.

I’M IN THE MIDDLE OF PACKING TO HEAD OFF TO REDMOND. RECENTLY ACCEPTED AN
OFFER FROM MICROSOFT’S VIRTUAL MACHINE RELATED team. So sorry for my
thinking not being so clear !!!

-pro

----- Original Message -----
From: “Prokash Sinha”
To: “Windows System Software Devs Interest List”
Sent: Monday, June 13, 2005 12:23 PM
Subject: Re: [ntdev] Re:disk encryption

> First that is the way lot of implementation(s) are -.
>
> 1) When using password ? Use it for what ? There are thoughts that even
make
> some transformation(s) on usr/psw and use that as encryption. So there is
> the bootstrap and what is that?. That is usr/psw. And where do we keep
these
> ?. How much is the exposure window from when an usr types ( assuming
no-one
> in around and some trojan(s) playing its role ) to actually goes to the
> firmware level and/or before it is already hashed ? — SURE THOSE ARE
THE
> DETAIL(S)…
>
> 2) The best we could do is to apply one-way hash for encryption etc. Where
> prob(collison ) is almost zero. But in order to use that, somewhere
someone
> has to use those usr/psw or some combination …
>
> IN ESSENCE, WE ARE INDIRECTING, from one level to another. But in most
cases
> something/somewhere has to bootstrap this whole implementation(s).
>
> Nothing is really totally secured when a total implementation is under
> analysis !!!
>
> My point was that with firmware implementation some of the bits stored
for
> different things are almost impossible to retrieve. Or at least not so
> easily. On the otherhand, software based implementation(s) has an window
> that is recurring, firmware based can avoid that.
>
> Note one-way hash being not reversable, does not mean that there is a
> probabliity that one can get to it ( collision effect ).
>
> Yes in theory, security by obscurity is no security. In practice you
really
> want to minimize the window ( in time as well as in space ).
>
> -pro
>
>
> ----- Original Message -----
> From: “Michal Vodicka”
> To: “Windows System Software Devs Interest List”
> Sent: Monday, June 13, 2005 11:47 AM
> Subject: RE: [ntdev] Re:disk encryption
>
>
> > ----------
> > From:
> xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com]
on
> behalf of Prokash Sinha[SMTP:xxxxx@garlic.com]
> > Reply To: Windows System Software Devs Interest List
> > Sent: Monday, June 13, 2005 8:36 PM
> > To: Windows System Software Devs Interest List
> > Subject: Re: [ntdev] Re:disk encryption
> >
> > Firmware based implementation try to hide the key in some places (
… )
> > that only firmware has access of. Also user/psw. Detail should be
avoided
> > here !!!
> >
> Nope. Proper implementation must not store encryption key anywhere. If it
> does, it is broken and hiding details is just security obscurity. That’s
why
> I’m asking.
>
> Encryption key can be derived some way from data only user knows, for
> example from password. Then it is necessary to check if key is correct;
for
> example decrypt some part of encrypted data, generate hash and compare
with
> stored one. But there must be no way how to get key without user data. If
> firmware can do it, hacker can, too.
>
> Best regards,
>
> Michal Vodicka
> UPEK, Inc.
> [xxxxx@upek.com, http://www.upek.com]
>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@garlic.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

Sorry, Pro, you overcomplicate it. It is quite simple. You have encrypted data and you can’t access them until have a key. There is no window. Once data are necessary, software has to ask user for a key. It isn’t important if user brings a real key (on smartcard, flashdisk etc.) or a piece of data (password) used for key generation. Important point is nobody can access data without correct key and the only way how to get key without user help is brute force attack.

Also, one way hash collisions aren’t important in this case. Hash is used just for key verification and possible collision has no real use for hacker. It would just mean he found a wrong key with the same hash.

Security by obscurity is no security both in theory and in practice.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

---

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Prokash Sinha[SMTP:xxxxx@garlic.com]
Reply To: Windows System Software Devs Interest List
Sent: Monday, June 13, 2005 9:34 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Re:disk encryption

Sorry for some typos . I meant to say that even if we use one-way hash (
primarly based on primality, hence difficult to factor ) there is always a
probability from the cryto-analytic point of view to hit the home run !!!.

I’M IN THE MIDDLE OF PACKING TO HEAD OFF TO REDMOND. RECENTLY ACCEPTED AN
OFFER FROM MICROSOFT’S VIRTUAL MACHINE RELATED team. So sorry for my
thinking not being so clear !!!

-pro

----- Original Message -----
From: “Prokash Sinha”
> To: “Windows System Software Devs Interest List”
> Sent: Monday, June 13, 2005 12:23 PM
> Subject: Re: [ntdev] Re:disk encryption
>
>
> > First that is the way lot of implementation(s) are -.
> >
> > 1) When using password ? Use it for what ? There are thoughts that even
> make
> > some transformation(s) on usr/psw and use that as encryption. So there is
> > the bootstrap and what is that?. That is usr/psw. And where do we keep
> these
> > ?. How much is the exposure window from when an usr types ( assuming
> no-one
> > in around and some trojan(s) playing its role ) to actually goes to the
> > firmware level and/or before it is already hashed ? — SURE THOSE ARE
> THE
> > DETAIL(S)…
> >
> > 2) The best we could do is to apply one-way hash for encryption etc. Where
> > prob(collison ) is almost zero. But in order to use that, somewhere
> someone
> > has to use those usr/psw or some combination …
> >
> > IN ESSENCE, WE ARE INDIRECTING, from one level to another. But in most
> cases
> > something/somewhere has to bootstrap this whole implementation(s).
> >
> > Nothing is really totally secured when a total implementation is under
> > analysis !!!
> >
> > My point was that with firmware implementation some of the bits stored
> for
> > different things are almost impossible to retrieve. Or at least not so
> > easily. On the otherhand, software based implementation(s) has an window
> > that is recurring, firmware based can avoid that.
> >
> > Note one-way hash being not reversable, does not mean that there is a
> > probabliity that one can get to it ( collision effect ).
> >
> > Yes in theory, security by obscurity is no security. In practice you
> really
> > want to minimize the window ( in time as well as in space ).
> >
> > -pro
> >
> >
> > ----- Original Message -----
> > From: “Michal Vodicka”
> > To: “Windows System Software Devs Interest List”
> > Sent: Monday, June 13, 2005 11:47 AM
> > Subject: RE: [ntdev] Re:disk encryption
> >
> >
> > > ----------
> > > From:
> > xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com]
> on
> > behalf of Prokash Sinha[SMTP:xxxxx@garlic.com]>
> > > Reply To: Windows System Software Devs Interest List
> > > Sent: Monday, June 13, 2005 8:36 PM
> > > To: Windows System Software Devs Interest List
> > > Subject: Re: [ntdev] Re:disk encryption
> > >
> > > Firmware based implementation try to hide the key in some places (
> … )
> > > that only firmware has access of. Also user/psw. Detail should be
> avoided
> > > here !!!
> > >
> > Nope. Proper implementation must not store encryption key anywhere. If it
> > does, it is broken and hiding details is just security obscurity. That’s
> why
> > I’m asking.
> >
> > Encryption key can be derived some way from data only user knows, for
> > example from password. Then it is necessary to check if key is correct;
> for
> > example decrypt some part of encrypted data, generate hash and compare
> with
> > stored one. But there must be no way how to get key without user data. If
> > firmware can do it, hacker can, too.
> >
> > Best regards,
> >
> > Michal Vodicka
> > UPEK, Inc.
> > [xxxxx@upek.com, http://www.upek.com]
> >
> >
> >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> >
> > You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
> >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
> >
> > You are currently subscribed to ntdev as: xxxxx@garlic.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@upek.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

An important first step in considering the security is to establish a
“threat model”. In other words, what do you consider to be the threats
against which you are trying to protect.

Start off with the fundamental premise that “there are no totally secure
systems”. Thus, we know that we can only establish “relatively secure”
systems. But relatively secure against what? Physical threat (which is
the point of securing the disk - it protects against the hard disk
being removed from the machine). Loss of the data device (e.g., the
laptop that “disappears” while going through the security checkpoint at
the airport because someone knows you have valuable information on it -
a real-world scenario)? Are you trying to protect against an
intelligence service of a foreign country with cryptoanalytic experts?

Gary’s point earlier (about traffic analysis) is a fascinating one -
often, for example, intelligence services monitor the RATE of traffic,
not just rely upon the CONTENT of the traffic. This is because decoding
content is expensive and time-consuming using even simplistic algorithms
for protection. But when we observe a sudden spike in communications,
for example, we can theorize that this indicates some imminent action -
even if we don’t know what it is (that is one source of heightened
terror alerts in the US, for example). The counter-measure to this (by
the way) is to establish a CONSTANT rate of communications - and inside
the (encrypted) data stream you indicate which pieces are bandwidth
filling fluff and which are not. Of course if your threat model is that
people are going to be watching bus-level traffic between your computer
system and your hard disk (and somehow you mysteriously don’t notice
them) then in fact encryption at the disk level probably is not going to
be sufficient.

But maybe your environment is where storage is on a NETWORK (SAN) in
which case encrypting the data on the computer probably works well,
whereas encrypting on the disk drive doesn’t (since anyone can observe
it on the SAN).

Another example: if you REALLY wand a good secure hard disk, use two.
On the first hard disk, collect random chatter (radioactive decay
products are good for this, for example, as is sampling white noise in
radio spectrum, observing quantum excitement, etc.) When that hard
disk is full, you now have your key. When you write data to the second
hard disk, read the corresponding data from the key, XOR it with the
data, and write it to the second hard disk; the best case here is one
where you never reuse the same block on the disk - think WORM media in
that instance.

When you go home at night, take the first hard disk with you. The
second hard disk, having absolutely no special intelligence,firmware or
software is immune from all known cryptanalytic attacks. BUT - you
can’t use the same key to encrypt a second hard disk, nor can you leave
your key lying about. Thus your security relies upon ensuring the
security of your key.

The harshest reality in security is that once you really DO lock down
the system, the biggest single threat remains the people using the
computer system. Want a REALLY secure system? Turn it off, encase it
in concrete. That is quite secure. No EM trace techniques, no network
attacks, no removable media, nothing. Not very useful, either.

So - before talking about what is secure, it would be best to describe
the class of attacks against which you are trying to attack. Generally,
your goal is going to be to make it SO expensive to break your security
that they won’t do it because the benefit is not worth the cost.

If you have TRULY sensitive information (like the NOC list for your
intelligence organization), I’d strongly encourage you to look at using
“write once” pads. I know someone around here who has been working in
the area of quantum cryptography as a means of generating one use pads
(see US Patent # 6,868,495 which covers their “One-time pad Encryption
key Distribution” method). FYI: the cryptography of one-use pads is well
established to be secure - it is the “gold standard” of data encryption
security. Whether or not the distribution technique described in the
above patent will withstand the scrutiny of the security community has
yet to be determine.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Prokash Sinha
Sent: Monday, June 13, 2005 3:24 PM
To: ntdev redirect
Subject: Re: [ntdev] Re:disk encryption

First that is the way lot of implementation(s) are -.

1. When using password ? Use it for what ? There are thoughts that even
   make
   some transformation(s) on usr/psw and use that as encryption. So there
   is
   the bootstrap and what is that?. That is usr/psw. And where do we keep
   these
   ?. How much is the exposure window from when an usr types ( assuming
   no-one
   in around and some trojan(s) playing its role ) to actually goes to the
   firmware level and/or before it is already hashed ? — SURE THOSE ARE
   THE
   DETAIL(S)…

2. The best we could do is to apply one-way hash for encryption etc.
   Where
   prob(collison ) is almost zero. But in order to use that, somewhere
   someone
   has to use those usr/psw or some combination …

IN ESSENCE, WE ARE INDIRECTING, from one level to another. But in most
cases
something/somewhere has to bootstrap this whole implementation(s).

Nothing is really totally secured when a total implementation is under
analysis !!!

My point was that with firmware implementation some of the bits stored
for
different things are almost impossible to retrieve. Or at least not so
easily. On the otherhand, software based implementation(s) has an window
that is recurring, firmware based can avoid that.

Note one-way hash being not reversable, does not mean that there is a
probabliity that one can get to it ( collision effect ).

Yes in theory, security by obscurity is no security. In practice you
really
want to minimize the window ( in time as well as in space ).

-pro

----- Original Message -----
From: “Michal Vodicka”
To: “Windows System Software Devs Interest List”
Sent: Monday, June 13, 2005 11:47 AM
Subject: RE: [ntdev] Re:disk encryption

> ----------
> From:
xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com
] on
behalf of Prokash Sinha[SMTP:xxxxx@garlic.com]
> Reply To: Windows System Software Devs Interest List
> Sent: Monday, June 13, 2005 8:36 PM
> To: Windows System Software Devs Interest List
> Subject: Re: [ntdev] Re:disk encryption
>
> Firmware based implementation try to hide the key in some places (
… )
> that only firmware has access of. Also user/psw. Detail should be
avoided
> here !!!
>
Nope. Proper implementation must not store encryption key anywhere. If
it
does, it is broken and hiding details is just security obscurity. That’s
why
I’m asking.

Encryption key can be derived some way from data only user knows, for
example from password. Then it is necessary to check if key is correct;
for
example decrypt some part of encrypted data, generate hash and compare
with
stored one. But there must be no way how to get key without user data.
If
firmware can do it, hacker can, too.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

So what? The forensic/passthru tool will see the crypted data. The
cleartext data never hits the disk.

On-disk data encryption is a good idea. Without it, the
disk/computer/laptop steal will surely reveal all information to the thief.
With it, it is nearly unbreakable - if proper crypto is used.

The only weak thing is that full-disk encryption of the boot drive is a
PITA. a) hard to boot from the encrypted disk b) hard to encrypt the hiberfile
c) crash dumps should be just plain disabled d) if encrypts all Windows and
gives the attacker lots of known cleartext.

So, per-file encryption at FS filter level is a better idea for me.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Gary G. Little”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Monday, June 13, 2005 6:37 PM
Subject: Re:[ntdev] Re:disk encryption

> The problem is that a software solution does NOT provide you 100% encryption
> on an HDD. There is still a lot of information that can be extracted from a
> disc using forensic tools that are openly available. A simple pass through
> command can kick any HDD into a diagnostic mode. What kind of information
> can be extracted from the ensuing diagnostic logs? Most likely more than you
> want your encrypted HDD to reveal. How much overhead information is written
> to the disc in header and trailer portions of a sector? Header and trailer
> information of a physical sector on disc can be as large as 128 bytes, and
> since that is managed by the firmware on the disc, your software won’t
> en/decrypt it. Do you or do you not want the bad guy to have access to that
> info, from which they could conveniently
>
>
> “Else Kluger” wrote in message news:xxxxx@ntdev…
> > Gary,
> >
> > “… The hole in the plan to encrypt a disc using runtime software is that
> > access can only be denied while that software is running.”
> >
> > The idea is not to deny acccess, but to enable transparent en/decyrption
> > and by this allow access.
> > And I’d be very interested in the tool that successfully opened an
> > encrypted disk plugged into another system,
> > not knowing the password to open the disk, and maybe not even knowing the
> > algorithm used.
> >
> > Regards
> > Else
> >
> >
> >
> >
> >
> > “Gary G. Little”
> > To: “Windows
> > System Software Devs Interest List”
> > Sent by: cc:
> > bounce-211622-16691@li Subject: Re:[ntdev]
> > disk encryption (Unsigned Mail)
> > sts.osr.com
> >
> >
> > 06/10/2005 06:47 PM
> > Please respond to
> > “Windows System
> > Software Devs Interest
> > List”
> >
> >
> >
> >
> >
> > You need to filter the read and write IRPs and the Device control IRPs,
> > given that using pass-through on XP SP2, I can read and write anything
> > that
> > I want, on either SCSI or ATA/IDE interfaces, given that I am logged in as
> > admin. On XP SP1 and below this might not be as critical since
> > pass-through
> > for ATA/IDE was more limited in scope than it is in Server 2003 or XP XP2.
> > Basically it was “broken” in SP1 and fixed in SP2.
> >
> > But this still will not deny access to the thief that can transfer the
> > encrypted drive to another machine where they then can do what is needed
> > to
> > break the encryption. The hole in the plan to encrypt a disc using runtime
> > software is that access can only be denied while that software is running.
> > Run another OS, or disable the encrypting software, and whoever you were
> > attempting to deny access to now has access. All that is needed is a bit
> > of
> > time and the proper tools.
> >
> > –
> > The personal opinion of
> > Gary G. Little
> >
> > PS: Maybe I’m simply being a curmudgeon, but I certainly would appreciate
> > you removing the bovine scatology at the end of your posts. I do not like
> > the advertisement and if the info in your email is confidential you should
> > NOT be posting it here in the first place. The assumption is that if its
> > in
> > a public forum it’s public domain.
> > “Amitrajit Banerjee.” wrote in message
> > news:xxxxx@ntdev…
> >
> >
> >
> >
> > hey ppl,
> >
> > if i want to encrypt all content of a disk, sector wise, I believe i need
> > to write a driver that attaches itself to disk.sys.
> >
> > Exactly which all IRPs I need to trap and monitor? Ofcourse, I need to
> > decrypt the disk also. Forget complexities regarding boot time
> > decryptions. Just tell me the IRPS I need to monitor.
> >
> > regards
> > amitr0
> >
> >
> > Note:-
> > 1) Spelling Mistakes and Grammatical Errors, If Any, Are Regretted.
> > 2) Kindly Acknowledge This Mail At The Earliest.
> > 3) This E-Mail Might contain Confidential information. If You Are Not
> > Entitled
> > To View it, Please Delete The Message Immediately And Inform Me.
> > Thanking You,
> > Amitrajit Banerjee.
> >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> >
> > You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

>Encryption key can be derived some way from data only user knows, for example
from

password. Then it is necessary to check if key is correct; for example decrypt
some part
of encrypted data, generate hash and compare with stored one. But there must
be no

For extra safety, you can avoid having this validator. So, if the password is
wrong - then the disk will contain no valid metadata (and yes, SHELL32 will
suggest to format it )

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

>Also, one way hash collisions aren’t important in this case.

The so-called “vulnerability of SHA1” just decreases its strength 1024 times,
the hash is still very, very strong.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

>An important first step in considering the security is to establish a

“threat model”.

Exactly. I would recommend the brilliant book by David LeBlanc on this subject.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

> ----------

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Maxim S. Shatskih[SMTP:xxxxx@storagecraft.com]
Reply To: Windows System Software Devs Interest List
Sent: Monday, June 13, 2005 10:28 PM
To: Windows System Software Devs Interest List
Subject: Re: Re:[ntdev] Re:disk encryption

The only weak thing is that full-disk encryption of the boot drive is a
PITA. a) hard to boot from the encrypted disk b) hard to encrypt the hiberfile
c) crash dumps should be just plain disabled

To be honest, firmware level encryption can avoid all above problems. It should be transparent to OS. It could be safe if properly implemented which is a question.

d) if encrypts all Windows and
gives the attacker lots of known cleartext.

Good encryption algorithms should be resistant against known plaintext attack. In addition, you’d have to find where windows files are exactly stored.

So, per-file encryption at FS filter level is a better idea for me.

The problem is unencrypted data can enter disk and you have very limited control over it. Temp files, pagefile, hiberfile, crashdumps. It depends on app where to store temporary data and I saw stupid apps which created directory for temp data at C: drive although I have both TEMP and TMP variables set to d:\temp.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

Some very good points. The concept of ‘traffic flow security’ has been used
by the NSA for several decades. Some early crypto equipment only sent data
on the communications circuit when messages were sent. Later equipment sent
constant streams of encrypted data so no analysis could be done to determine
if it was just junk or real data was being sent.

The government also uses a fairly simple method of distributing one-time
pads and other cryptographic keys. The courriers are sent and the
recipients sign for the material after ensuring they haven’t been opened or
tampered with. They also are required to acknowledge receipt via a secure
communications channel listing the specific serial numbers and other IDs of
the items. If security is important enough then all courriers and
recipients are two-man teams who have special safes that require two
combinations to open.

The civilian world hasn’t begun to paranoid enough about security. The
military has the added incentive of Fort Leavenworth, Kansas to motivate
their people to follow the rules. It is not 100% effective, but frequent
changes of personel also helps. Most serious breaches I have seen reported
in the news said that the person who sold secrets was in a position for a
very long time.

The simple XOR key using truly random data is a good idea. That is actually
an implementation of a one-time key pad. The biggest problem is maintaining
the security of the key. Good crypto aglorithms are always open to analysis
by others. Some like DES depended upon doing computations that were
difficult with software, but much easier to implement in hardware. Taking a
key that a user enters and generating the translation and XOR tables that
are almost totally random and large enough to prevent cryptoanalysis is not
easy. Increasing computer power makes it more and more difficult each year.

“Tony Mason” wrote in message news:xxxxx@ntdev…
An important first step in considering the security is to establish a
“threat model”. In other words, what do you consider to be the threats
against which you are trying to protect.

Start off with the fundamental premise that “there are no totally secure
systems”. Thus, we know that we can only establish “relatively secure”
systems. But relatively secure against what? Physical threat (which is
the point of securing the disk - it protects against the hard disk
being removed from the machine). Loss of the data device (e.g., the
laptop that “disappears” while going through the security checkpoint at
the airport because someone knows you have valuable information on it -
a real-world scenario)? Are you trying to protect against an
intelligence service of a foreign country with cryptoanalytic experts?

Gary’s point earlier (about traffic analysis) is a fascinating one -
often, for example, intelligence services monitor the RATE of traffic,
not just rely upon the CONTENT of the traffic. This is because decoding
content is expensive and time-consuming using even simplistic algorithms
for protection. But when we observe a sudden spike in communications,
for example, we can theorize that this indicates some imminent action -
even if we don’t know what it is (that is one source of heightened
terror alerts in the US, for example). The counter-measure to this (by
the way) is to establish a CONSTANT rate of communications - and inside
the (encrypted) data stream you indicate which pieces are bandwidth
filling fluff and which are not. Of course if your threat model is that
people are going to be watching bus-level traffic between your computer
system and your hard disk (and somehow you mysteriously don’t notice
them) then in fact encryption at the disk level probably is not going to
be sufficient.

But maybe your environment is where storage is on a NETWORK (SAN) in
which case encrypting the data on the computer probably works well,
whereas encrypting on the disk drive doesn’t (since anyone can observe
it on the SAN).

Another example: if you REALLY wand a good secure hard disk, use two.
On the first hard disk, collect random chatter (radioactive decay
products are good for this, for example, as is sampling white noise in
radio spectrum, observing quantum excitement, etc.) When that hard
disk is full, you now have your key. When you write data to the second
hard disk, read the corresponding data from the key, XOR it with the
data, and write it to the second hard disk; the best case here is one
where you never reuse the same block on the disk - think WORM media in
that instance.

When you go home at night, take the first hard disk with you. The
second hard disk, having absolutely no special intelligence,firmware or
software is immune from all known cryptanalytic attacks. BUT - you
can’t use the same key to encrypt a second hard disk, nor can you leave
your key lying about. Thus your security relies upon ensuring the
security of your key.

The harshest reality in security is that once you really DO lock down
the system, the biggest single threat remains the people using the
computer system. Want a REALLY secure system? Turn it off, encase it
in concrete. That is quite secure. No EM trace techniques, no network
attacks, no removable media, nothing. Not very useful, either.

So - before talking about what is secure, it would be best to describe
the class of attacks against which you are trying to attack. Generally,
your goal is going to be to make it SO expensive to break your security
that they won’t do it because the benefit is not worth the cost.

If you have TRULY sensitive information (like the NOC list for your
intelligence organization), I’d strongly encourage you to look at using
“write once” pads. I know someone around here who has been working in
the area of quantum cryptography as a means of generating one use pads
(see US Patent # 6,868,495 which covers their “One-time pad Encryption
key Distribution” method). FYI: the cryptography of one-use pads is well
established to be secure - it is the “gold standard” of data encryption
security. Whether or not the distribution technique described in the
above patent will withstand the scrutiny of the security community has
yet to be determine.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Prokash Sinha
Sent: Monday, June 13, 2005 3:24 PM
To: ntdev redirect
Subject: Re: [ntdev] Re:disk encryption

First that is the way lot of implementation(s) are -.

1) When using password ? Use it for what ? There are thoughts that even
make
some transformation(s) on usr/psw and use that as encryption. So there
is
the bootstrap and what is that?. That is usr/psw. And where do we keep
these
?. How much is the exposure window from when an usr types ( assuming
no-one
in around and some trojan(s) playing its role ) to actually goes to the
firmware level and/or before it is already hashed ? — SURE THOSE ARE
THE
DETAIL(S)…

2) The best we could do is to apply one-way hash for encryption etc.
Where
prob(collison ) is almost zero. But in order to use that, somewhere
someone
has to use those usr/psw or some combination …

IN ESSENCE, WE ARE INDIRECTING, from one level to another. But in most
cases
something/somewhere has to bootstrap this whole implementation(s).

Nothing is really totally secured when a total implementation is under
analysis !!!

My point was that with firmware implementation some of the bits stored
for
different things are almost impossible to retrieve. Or at least not so
easily. On the otherhand, software based implementation(s) has an window
that is recurring, firmware based can avoid that.

Note one-way hash being not reversable, does not mean that there is a
probabliity that one can get to it ( collision effect ).

Yes in theory, security by obscurity is no security. In practice you
really
want to minimize the window ( in time as well as in space ).

-pro

----- Original Message -----
From: “Michal Vodicka”
To: “Windows System Software Devs Interest List”
Sent: Monday, June 13, 2005 11:47 AM
Subject: RE: [ntdev] Re:disk encryption

> ----------
> From:
xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com
] on
behalf of Prokash Sinha[SMTP:xxxxx@garlic.com]
> Reply To: Windows System Software Devs Interest List
> Sent: Monday, June 13, 2005 8:36 PM
> To: Windows System Software Devs Interest List
> Subject: Re: [ntdev] Re:disk encryption
>
> Firmware based implementation try to hide the key in some places (
… )
> that only firmware has access of. Also user/psw. Detail should be
avoided
> here !!!
>
Nope. Proper implementation must not store encryption key anywhere. If
it
does, it is broken and hiding details is just security obscurity. That’s
why
I’m asking.

Encryption key can be derived some way from data only user knows, for
example from password. Then it is necessary to check if key is correct;
for
example decrypt some part of encrypted data, generate hash and compare
with
stored one. But there must be no way how to get key without user data.
If
firmware can do it, hacker can, too.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com