I didn’t see the original message; I hope you do not mind me replying to

yours instead.

A block cipher takes the key and a fixed-size block of plaintext, runs

them through a grinder (the encryption algorithm), and produces a

fixed-size block of ciphertext as its output. Repeated patterns in the

plaintext show up as repeated patterns in the ciphertext, which is not

good. This flavour is called ECB – Electronic Code-Book – mode because

it works just as if you looked up a word (plaintext block) in a codebook

(key) and found the encoding (ciphertext).

To overcome the weaknesses of ECB mode, and to remove the need for

padding the plaintext to an integral multiple of the block length, other

modes have been proposed, such as chaining, various feedback modes, and

whatnot. The most interesting of those is Counter mode.

In Counter mode, you encrypt the number “1” (padded with zeros to a full

block) with the key; the result, you XOR with plaintext block #1 to get

ciphertext block #1. You encrypt the number “2”, XOR with plaintext

block #2, getting ciphertext block #2, and so on. If the last plaintext

block is short, you just drop the unneeded bits from the encryption of

the last block number – the ciphertext remains exactly as long as the

plaintext.

To summarise: A “block cipher” is a cipher that acts on fixed-size

plaintext blocks. A “stream cipher” generates a random (well,

random-looking) stream of bits that serves as the key to XOR with the

plaintext, giving ciphertext. A “mode” is a specific way of using a

cipher. “Counter mode” essentially uses a block cipher to create the key

stream for a stream cipher.

Three bits of advice for you: First, three must-have books. Menezes/van

Oorschot/Vanstone, “Handbook of Applied Cryptography”, CRC Press;

Schneier, “Applied Cryptography Second Edition”, Wiley & Sons;

Ferguson/Schneier, “Practical Cryptography”, Wiley & Sons.

Second, the world is littered with bad encryption implementations. Given

that you seem to be a relative newcomer to this field, I *strongly*

recommend that you farm out the design and implementation of the

crypto-aspects of your product, and that you have an external crypto

specialist review the overall design. If you do not, well, the horse

might learn to sing, but I am not too confident.

Cheers,

Felix.

-----Original Message-----

From: xxxxx@lists.osr.com

[mailto:xxxxx@lists.osr.com] On Behalf Of Ladislav Zezula

Sent: Monday, 1 November 2004 02:13

To: Windows File Systems Devs Interest List

Subject: Re: Re:[ntfsd]

[ntfsd] Encrypt filter device driver on&n

bsp;ntfs

hi,Ladislav!

I dont know how to use counter-mode cipher.

What is the difference between couter-mode and block mode?

To say the truth, I am not expert to encryption methods

so I can’t explain you the differences. The only difference

I know is that the counter mode cipher is not block aligned.

If you need a counter mode implementation, look

for a free implementation on the net

(e.g. www.libtomcrypt.org)

To make the encrypt device transparent ,I cant force the encryted

files

aligned to 8 bytes.

Yes, you can. Another question is if you must.

This is a question of how you’ll design your

encryption software.

L.

Questions? First check the IFS FAQ at

https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@mvps.org

To unsubscribe send a blank email to xxxxx@lists.osr.com