filesystem encryption


mgraffam@mhv.net
Tue, 23 Jun 1998 23:55:07 -0400 (EDT)


Hello all..

I might try to hack ext2 to do encryption, depends on how scary the
code looks.

First, though, how about some ideas about my proposed method..

I base it on a strong hash. Take some hash function H, and hash the sector
number you want to access, concatenated with the user's key. This will
yield some hash output, H'. XOR H' with the contents of the sector to
encrypt/decrypt. Simple and fast. The whole system is as strong as the
hash.. since that is basically all it is. If you need more bits for a
sector than H' has, generate more bits with H(key+sector_number+H')
where + is concatenation.

You could also use a block cipher to encrypt the sector contents with
the sector number and userkey as the cipher's key. The problem here is
that you still need a hash algorithm around to hash down the passphrase
and sector number to some random bits so that eats kernel memory, and
the function itself will take time. Then you still have to do the actual
block cipher crypto, which will take some more time. XORing the hash and
the sector contents can shorten that time considerably, since you need
to have the hash either way.. this is my main reason.. I'd like disk
access to be as fast as possible, and all the sectors should be encrypted
independently so that any sector can be decrypted without needing to
appeal to previous state.

The other problem with using a block cipher like this is that most block
ciphers have long key schedule set up routines, designed to help thwart
brute force.. since we need to change keys every time we access a sector,
we will have a time penalty that way.

Any suggestions for a better way to do this?

Michael J. Graffam (mgraffam@mhv.net)
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
"Let your life be a counter-friction to stop the machine."
                        Henry David Thoreau "Civil Disobedience"
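
The scheme proposed in the message above, as an added example that is not part of the original post. It assumes SHA-256 for the unspecified hash H, 512-byte sectors and a 64-bit big-endian sector number. Because the keystream depends only on the key and the sector number, the example also checks what happens when a sector is rewritten in place: the same keystream is reused, so the XOR of the two ciphertexts equals the XOR of the two plaintexts.

```python
import hashlib
import struct

SECTOR_SIZE = 512  # assumption: classic 512-byte sectors


def keystream(key: bytes, sector: int, length: int = SECTOR_SIZE) -> bytes:
    """Keystream as described in the post: H' = H(sector || key), then
    H(key || sector || H') for each further block until enough bytes exist."""
    sec = struct.pack(">Q", sector)  # assumption: 64-bit big-endian encoding
    block = hashlib.sha256(sec + key).digest()  # assumption: SHA-256 as H
    out = bytearray(block)
    while len(out) < length:
        block = hashlib.sha256(key + sec + block).digest()
        out += block
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crypt_sector(key: bytes, sector: int, data: bytes) -> bytes:
    """Encrypt or decrypt one sector (XOR is its own inverse)."""
    return xor(data, keystream(key, sector, len(data)))


def rewrite_leak(key: bytes, sector: int, old: bytes, new: bytes) -> bytes:
    """XOR of two ciphertexts of the same sector, taken before and after a
    rewrite. The keystream cancels, leaving old XOR new without the key."""
    return xor(crypt_sector(key, sector, old), crypt_sector(key, sector, new))


if __name__ == "__main__":
    key = b"constructed example passphrase"  # constructed sample values
    old = b"balance=0000100;".ljust(SECTOR_SIZE, b"\0")
    new = b"balance=0000999;".ljust(SECTOR_SIZE, b"\0")
    ct = crypt_sector(key, 7, old)
    print("round trip ok:", crypt_sector(key, 7, ct) == old)
    print("sector number changes ciphertext:", ct != crypt_sector(key, 8, old))
    leak = rewrite_leak(key, 7, old, new)
    print("rewrite leaks old XOR new:", leak == xor(old, new))
    print("changed byte offsets:", [i for i, b in enumerate(leak) if b])
```

Mixing a per-write value (a nonce or write counter stored with the sector) into the hash input would stop the keystream repeating, at the cost of extra on-disk state.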



The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:18:56 ADT