How does the diffuser work under BitLocker encryption?
Is the diffuser applied to each block of cyphertext within a sector, or is it somehow applied across several blocks concurrently or across the entire sector at once, some how?
I'm assuming that for an AES-256 bit key, BitLocker encrypts the entire 512-byte sector using 32-byte blocks of data. The Cypher Block Chaining (CBC), XOR's the cyphertext output of the previous block with the plaintext of the current block. How is diffusion applied, and how is the diffuser generated?
Some nice references on good ol' wikipedia: http://en.wikipedia.org/wiki/Confusion_and_diffusion http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Thanks!
BitLocker: How does Diffuser work?
Tavis, you keep firing good questions at me :)
The FVEK (Full Volume Encryption Key) contains 2 keys, one for the AES algorithm, and one for the Diffuser algorithm. This ensures the diffuser cannot weaken AES (a shared key would be an architecture concern). The diffuser is applied to an entire sector before encryption and can be described as "mixing the bits of the sector prior to encryption". The IV (initial vector) for both algorithms is derived from the sector number to ensure that sectors cannot be swapped.
Consider this in reverse, a single bit change will result in a moderate change c/o CBC, however this change gets diffused throughout all the bits of the sector resulting in an entire sector change. This mitigates creative attacks where someone would try to introduce a minor change into some code or data to change OS behavior in a desirable way.
A paper giving the details of the Diffuser (and other low level details) is forthcoming, before RTM. - Jamie Hunter [MS]
"tavis" wrote in message
How does the diffuser work under BitLocker encryption?
Is the diffuser applied to each block of cyphertext within a sector, or is it somehow applied across several blocks concurrently or across the entire sector at once, some how?
I'm assuming that for an AES-256 bit key, BitLocker encrypts the entire 512-byte sector using 32-byte blocks of data. The Cypher Block Chaining (CBC), XOR's the cyphertext output of the previous block with the plaintext of the current block. How is diffusion applied, and how is the diffuser generated?
Some nice references on good ol' wikipedia: http://en.wikipedia.org/wiki/Confusion_and_diffusion http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Thanks!
Hi Jamie,
Has the paper you mention below providing details of Diffuser and the overall encryption algorithm available yet?
If not, a question: Can you describe a bit more about how a 256-bit AES key is used to "mix up the bits" (all 512 bytes) of an *entire* sector, when the key itself is only 32 bytes long?
Thanks!
"Jamie Hunter [MS]" wrote:
Tavis, you keep firing good questions at me :)
The FVEK (Full Volume Encryption Key) contains 2 keys, one for the AES algorithm, and one for the Diffuser algorithm. This ensures the diffuser cannot weaken AES (a shared key would be an architecture concern). The diffuser is applied to an entire sector before encryption and can be described as "mixing the bits of the sector prior to encryption". The IV (initial vector) for both algorithms is derived from the sector number to ensure that sectors cannot be swapped.
Consider this in reverse, a single bit change will result in a moderate change c/o CBC, however this change gets diffused throughout all the bits of the sector resulting in an entire sector change. This mitigates creative attacks where someone would try to introduce a minor change into some code or data to change OS behavior in a desirable way.
A paper giving the details of the Diffuser (and other low level details) is forthcoming, before RTM. - Jamie Hunter [MS]
"tavis" wrote in message How does the diffuser work under BitLocker encryption?
Is the diffuser applied to each block of cyphertext within a sector, or is it somehow applied across several blocks concurrently or across the entire sector at once, some how?
I'm assuming that for an AES-256 bit key, BitLocker encrypts the entire 512-byte sector using 32-byte blocks of data. The Cypher Block Chaining (CBC), XOR's the cyphertext output of the previous block with the plaintext of the current block. How is diffusion applied, and how is the diffuser generated?
Some nice references on good ol' wikipedia: http://en.wikipedia.org/wiki/Confusion_and_diffusion http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Thanks!
Windows Vista
User login
Related topics
- Vista / XP bootmenu is invisible :-(
- Beta tester
- Can't ReadText Attachments In-Line -- How To Do??
- Access to Intranet OK, Internet Dog-Slow
- Virtual PC on Windows Vista
- Reading Video Card as 32mb when its 64mb
- 5384: Easy Transfer not transfering easy...
- Vista and Envy Audio 24PT not working
- Import from OE6 fails when folder name contains non-ascii ch
- Linksys drivers?
- BOOT.INI missing part VISTA; after installed WinXP Pro SP2
- Intellipoint/Intellipoint
- 32bit drivers on 64bit vista
- Hanging Installation
- cannot install printer software
- Harcooded program path have issues installing ?
- Realtek RTL 8139 Driver for Vista. Unable to find. :(
- Can't Login!?!
- PLEASE, Don't get rid of Virtual folders! PLEASE!!!
- Installing Office 12 Beta on Vista
- Install Vista Beta 2 on Intel iMac
- Hard drive installation of VISTA
- Urgent - FX 5600 - Go for it?
- x64 Vista beta 2 download complete
- New Error - 80070241
- Pocket PC on Vista?
- update fails
- Vista Upgrade Advisor fails to run
- charging battery
- Windows Vista Upgrade Advisor BETA
- AGP 4x vs. 8x
- SamSung monitor drivers
- Vista, IIS 7, and Frontpage Server Extensions