Regarding Windows Vista Disk Encryption Algorithm.
Sarad AV
jtrjtrjtr2001 at yahoo.com
Thu Oct 19 19:01:58 PDT 2006
Hello,
--- Joseph Ashwood <ashwood at msn.com> wrote:
> Without the introduction of another key it is
> impoosible to improve on the
> security proof of CBC, so what they've done is
> introduce a method of
> obfuscation that they hope will not be broken, but
> breaking it will not
> affect the security of CBC mode in any way, simply
> because if it did break
> AES-CB, an attacker could apply it themself quite
> cheaply. The proof
> basically boils down to: it's CBC, attacker loses.
> Joe
Did a search and found this.Bruce Schneier's article
suggests that BitLocker be used without the diffusers.
As you have mentioned chaining with CBC looks good
enough.
http://www.schneier.com/blog/archives/2006/05/bitlocker.html
Encryption particulars: The default data encryption
algorithm is AES-128-CBC with an additional diffuser.
The diffuser is designed to protect against
ciphertext-manipulation attacks, and is independently
keyed from AES-CBC so that it cannot damage the
security you get from AES-CBC. Administrators can
select the disk encryption algorithm through group
policy. Choices are 128-bit AES-CBC plus the diffuser,
256-bit AES-CBC plus the diffuser, 128-bit AES-CBC,
and 256-bit AES-CBC. (My advice: stick with the
default.)
--- cyphrpunk <cyphrpunk at gmail.com> wrote:
>An
>anoymous message was sent to the list on September 7
>which outlined
>Vista's TPM use and discussed some security
>implications.
http://www.ukhackers.com/story/?id=7616
This must be it :-)
Thankyou,
Sarad.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the Testlist
mailing list