RE: wrong key behaviour
>>the difference [between LRW and EME] is the level of granularity.

With 4KB LBAs the difference in granularity is 256-fold, not a trivial
amount. I call 16-byte granularity very weak against traffic analysis,
4KB granularity somewhat weak. There are other alternatives, too, which
are much better in this regard. I do not insist on reviving EME,
especially because of the royalty issue. It can be prohibitively
expensive at a volume of 100 million disk drives a year; we don't know
the licensing conditions, so why should we spend our time on
standardizing something we would never use?
Laszlo
> -------- Original Message --------
> Subject: Re: wrong key behaviour
> From: james hughes <Jim.P.Hughes@Sun.COM>
> Date: Thu, December 22, 2005 8:00 pm
> To: laszlo@HARS.US
> Cc: james hughes <Jim.P.Hughes@Sun.COM>, stds-p1619@IEEE.ORG
>
> On Dec 22, 2005, at 7:32 PM, laszlo@HARS.US wrote:
>
> >>> a "wrong key behavior" can be beyond the scope
> > The issue is rather: can the raw, encrypted data be read from the
> > drive?
> > Maybe, the standard could just say in the introduction that LRW is
> > weak against traffic analysis,
>
> We know that LRW is vulnerable to a per 16 byte block code book
> attack (active and passive). EME is vulnerable to a per sector code
> book attack (again passive and active). So the difference is the
> level of granularity.
>
> If you want an EME or EME-like algorithm, make the proposal and we will
> consider it on the P1619a round.
>
> Thanks
>
> jim
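
The granularity difference discussed in this thread, as an added example that is not part of either message: it compares what a passive observer with two raw snapshots of one 4KB LBA learns under a narrow-block mode and under a wide-block mode. The two encrypt functions are keyed-hash stand-ins that model only the dependency structure (they are not LRW or EME and cannot be decrypted); the key, the LBA number and the sector contents are constructed.

```python
import hashlib
import hmac

BLOCK = 16     # narrow-block unit: one 16-byte cipher block
SECTOR = 4096  # one 4KB LBA, i.e. 256 cipher blocks

def _tweak(lba, index=0):
    return lba.to_bytes(8, "big") + index.to_bytes(4, "big")

def narrow_encrypt(key, lba, sector):
    # Stand-in for a narrow-block tweakable mode (not LRW itself): each
    # ciphertext block depends only on key, LBA, block index and that block.
    return b"".join(
        hmac.new(key, _tweak(lba, i // BLOCK) + sector[i:i + BLOCK],
                 hashlib.sha256).digest()[:BLOCK]
        for i in range(0, len(sector), BLOCK))

def wide_encrypt(key, lba, sector):
    # Stand-in for a wide-block mode (not EME itself): every ciphertext
    # byte depends on key, LBA and the whole sector.
    return hashlib.shake_256(key + _tweak(lba) + sector).digest(len(sector))

def changed_blocks(before, after):
    # What a passive observer holding two raw snapshots of one LBA can compute.
    return [i // BLOCK for i in range(0, len(before), BLOCK)
            if before[i:i + BLOCK] != after[i:i + BLOCK]]

def observe(encrypt, old, new, key=b"constructed-demo-key", lba=7):
    return changed_blocks(encrypt(key, lba, old), encrypt(key, lba, new))

# Constructed sample data: a sector of zeros, then a 4-byte update at offset 0x204.
V1 = bytes(SECTOR)
V2 = V1[:0x204] + b"\xde\xad\xbe\xef" + V1[0x208:]

if __name__ == "__main__":
    print("narrow:", observe(narrow_encrypt, V1, V2))       # one block index
    print("wide:  ", len(observe(wide_encrypt, V1, V2)), "of", SECTOR // BLOCK)
    print("rewrite of V1 repeats:", observe(wide_encrypt, V1, V1) == [])
```

Both stand-ins are deterministic per LBA, so rewriting identical plaintext repeats the ciphertext in either case; what differs is whether the observer can localize a change to one 16-byte block or only to the whole sector.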