Re: filesystem encryption

Tom Weinstein (tomw@netscape.com)
Wed, 24 Jun 1998 14:34:21 -0700

• Next message: C Matthew Curtin: "OCR of Skipjack/KEA document being attempted"
• Previous message: Tom Weinstein: "Re: Java's SecureRandom"
• In reply to: Bill Frantz: "Re: Java's SecureRandom"
• Next in thread: JPeschel@aol.com: "Re: filesystem encryption"

mgraffam@mhv.net wrote:
>
> Hello all..
>
> I might try to hack ext2 to do encryption, depends on how scary the
> code looks.
>
> First, though, how about some ideas about my proposed method..
>
> I base it on a strong hash. Take some hash function H, and hash the
> sector number you want to access, concatenated with the user's key. This
> will yield some hash output, H'. XOR H' with the contents of the sector
> to encrypt/decrypt. Simple and fast. The whole system is as strong as the
> hash.. since that is basically all it is. If you need more bits for a
> sector than H' has, generate more bits with H(key+sector_number+H')
> where + is concatenation.

You're using a hash function as a keystream generator for a stream cipher.
You might as well just use RC4 in that case.

> You could also use a block cipher to encrypt the sector contents with
> the sector number and userkey as the cipher's key. The problem here is
> that you still need a hash algorithm around to hash down the passphrase
> and sector number to some random bits so that eats kernel memory, and
> the function itself will take time. Then you still have to do the actual
> block cipher crypto, which will take some more time. XORing the hash and
> the sector contents can shorten that time considerably, since you need
> to have the hash either way.. this is my main reason.. I'd like disk
> access to be as fast as possible, and all the sectors should be encrypted
> independantly so that any sector can be decrypted without needing to
> appeal to previous state.
>
> The other problem with using a block cipher like this is that most block
> ciphers have long key schedule set up routines, designed to help thwart
> brute force.. since we need to change keys every time we access a sector,
> we will have a time penalty that way.
>
> Any suggestions for a better way to do this?

If you want to minimize key setup, use a block cipher (blowfish, for
example), and use the block number (or, the block number hashed with
some salt) for the IV.

-- 
What is appropriate for the master is not appropriate| Tom Weinstein
for the novice.  You must understand Tao before      | tomw@netscape.com
transcending structure.  -- The Tao of Programming   |

• Next message: C Matthew Curtin: "OCR of Skipjack/KEA document being attempted"
• Previous message: Tom Weinstein: "Re: Java's SecureRandom"
• In reply to: Bill Frantz: "Re: Java's SecureRandom"
• Next in thread: JPeschel@aol.com: "Re: filesystem encryption"