[Cryptography] How can you enter a 256-bit key in 12 decimal digits?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Jan 3 21:43:10 EST 2016


Ray Dillinger <bear at sonic.net> writes:

>I can easily remember 40-digit sequences using mnemonics that are completely
>opaque to others; I figure that entitles me to use 128-bit key spaces.
>Nobody appears to want me to be able to do that.

That's because you're not the target market.  Vendors started adding AES
engines to the data paths of disk controllers some years ago, and in some
cases it's done by default (many Intel SSDs, for example).  The problem is
that pushing the data through an AES engine 128 bits at a time is a long way
removed from a full encryption solution, so what you typically get is AES in
ECB mode and the most basic key management you can implement, which means you
can advertise 256-bit AES (or whatever) without having to do much except
license the AES IP core at $0.001 per unit.

If you want to implement the TCG's OPAL standard for key management... well,
have a look at the spec, figure out what it'd take to implement, and then
figure out the chances of any vendor being able to do all that, as well as the
software on the host side to talk to it (which has to run at ring 0), without
leaving a whole string of 0days in their implementation.

Peter.
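
The ECB point in the message above, as an added example that is not part of the original post: it encrypts a constructed disk image block by block and counts repeated 16-byte ciphertext blocks, first in ECB and then with a per-position tweak. The toy Feistel cipher is a stand-in for AES (the Python standard library has none), and the sector size, image layout and XEX-style tweak are assumptions made for the demonstration.

```python
import hashlib
from collections import Counter

BLOCK, SECTOR = 16, 512  # AES block size; sector size assumed for this demo

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher (4-round Feistel over SHA-256). NOT AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def blocks(data: bytes):
    return [data[o:o + BLOCK] for o in range(0, len(data), BLOCK)]

def encrypt_ecb(key: bytes, image: bytes) -> bytes:
    # Every block is encrypted independently: equal plaintext, equal ciphertext.
    return b"".join(toy_encrypt(key, b) for b in blocks(image))

def encrypt_tweaked(key: bytes, image: bytes) -> bytes:
    # XEX-style: mask each block with a tweak derived from its disk position.
    tweak_key = hashlib.sha256(b"tweak" + key).digest()
    out = []
    for pos, b in enumerate(blocks(image)):
        tweak = toy_encrypt(tweak_key, pos.to_bytes(BLOCK, "little"))
        out.append(xor(toy_encrypt(key, xor(b, tweak)), tweak))
    return b"".join(out)

def repeated_blocks(data: bytes) -> int:
    """Number of 16-byte blocks whose value occurs more than once."""
    counts = Counter(blocks(data))
    return sum(n for n in counts.values() if n > 1)

def make_image() -> bytes:
    # Constructed sample: 4 empty sectors, 2 sectors of unique data, 2 empty.
    data = b"".join(hashlib.sha256(bytes([i])).digest()[:BLOCK] for i in range(64))
    return bytes(4 * SECTOR) + data + bytes(2 * SECTOR)

if __name__ == "__main__":
    key, image = b"constructed demo key", make_image()
    print("plaintext:", repeated_blocks(image))
    print("ECB      :", repeated_blocks(encrypt_ecb(key, image)))
    print("tweaked  :", repeated_blocks(encrypt_tweaked(key, image)))
```

Under ECB the count of repeated ciphertext blocks matches the plaintext, so the layout of empty space on the disk is visible without the key; with the position tweak the repeats disappear.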


