I didn’t see the original message; I hope you do not mind me replying to
yours instead.
A block cipher takes the key and a fixed-size block of plaintext, runs
them through a grinder (the encryption algorithm), and produces a
fixed-size block of ciphertext as its output. Repeated patterns in the
plaintext show up as repeated patterns in the ciphertext, which is not
good. This flavour is called ECB – Electronic Code-Book – mode because
it works just as if you looked up a word (plaintext block) in a codebook
(key) and found the encoding (ciphertext).
To overcome the weaknesses of ECB mode, and to remove the need for
padding the plaintext to an integral multiple of the block length, other
modes have been proposed, such as chaining, various feedback modes, and
whatnot. The most interesting of those is Counter mode.
In Counter mode, you encrypt the number “1” (padded with zeros to a full
block) with the key; the result, you XOR with plaintext block #1 to get
ciphertext block #1. You encrypt the number “2”, XOR with plaintext
block #2, getting ciphertext block #2, and so on. If the last plaintext
block is short, you just drop the unneeded bits from the encryption of
the last block number – the ciphertext remains exactly as long as the
plaintext.
To summarise: A “block cipher” is a cipher that acts on fixed-size
plaintext blocks. A “stream cipher” generates a random (well,
random-looking) stream of bits that serves as the key to XOR with the
plaintext, giving ciphertext. A “mode” is a specific way of using a
cipher. “Counter mode” essentially uses a block cipher to create the key
stream for a stream cipher.
Three bits of advice for you: First, three must-have books. Menezes/van
Oorschot/Vanstone, “Handbook of Applied Cryptography”, CRC Press;
Schneier, “Applied Cryptography Second Edition”, Wiley & Sons;
Ferguson/Schneier, “Practical Cryptography”, Wiley & Sons.
Second, the world is littered with bad encryption implementations. Given
that you seem to be a relative newcomer to this field, I *strongly*
recommend that you farm out the design and implementation of the
crypto-aspects of your product, and that you have an external crypto
specialist review the overall design. If you do not, well, the horse
might learn to sing, but I am not too confident.
Cheers,
Felix.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ladislav Zezula
Sent: Monday, 1 November 2004 02:13
To: Windows File Systems Devs Interest List
Subject: Re: Re:[ntfsd]
[ntfsd] Encrypt filter device driver on&n
bsp;ntfs
hi,Ladislav!
I dont know how to use counter-mode cipher.
What is the difference between couter-mode and block mode?
To say the truth, I am not expert to encryption methods
so I can’t explain you the differences. The only difference
I know is that the counter mode cipher is not block aligned.
If you need a counter mode implementation, look
for a free implementation on the net
(e.g. www.libtomcrypt.org)
To make the encrypt device transparent ,I cant force the encryted
files
aligned to 8 bytes.
Yes, you can. Another question is if you must.
This is a question of how you’ll design your
encryption software.
L.
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@mvps.org
To unsubscribe send a blank email to xxxxx@lists.osr.com