full-disk encryption standards released
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Jan 29 00:44:03 EST 2009
"Steven M. Bellovin" <smb at cs.columbia.edu> writes:
>http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126869&intsrc=hm_ts_head
>From a quick look at what's just been released
(https://www.trustedcomputinggroup.org/groups/storage/) it doesn't actually
tell you anything about how to do disk encryption, it's just... well I'll have
to quote the doc itself because I'm not quite sure what its purpose is, but
the document claims it's an "architecture for putting Storage Devices under
policy control as determined by the trusted platform host". Reading through
the Opal spec ("minimum requirements for storage devices used in PCs and
laptops") is like reading a SCSI CDB reference, it outlines a means of
connecting something over here with something else over there with no
indication of what either of the two something's are. It seems to be mostly
intended to be a means of tying a hard drive into the TPM framework, with the
entire crypto-related portions of the Opal spec being:
2.4 Cryptographic Features
An Opal SSC compliant SD SHALL implement Full Disk Encryption for all host
accessible user data stored on media. AES-128 or AES-256 SHALL be supported
(see [FIPS 197]).
2.5 Authentication
An Opal SSC compliant SD SHALL support password authorities and
authentication.
There's an older draft from 2007 covering storage architecture which is...
um... 266 pages of the sort of thing you'd expect to emerge if the TCG tried
to define a standard for dealing with hard drives.
So I wouldn't call these "full-disk encryption standards", it's more like "TPM
glue for hard drives". The P1619/SISWG work is completely different, you can
actually take this and implement drive encryption from it, and it specifies
(in some detail) how to do it right.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list