1
00:00:01,810 --> 00:00:07,020
Encrypted discs must be managed in some way especially in companies.

2
00:00:07,180 --> 00:00:12,400
We need to have the possibility of remote administration and remote program configuration that will

3
00:00:12,400 --> 00:00:15,440
encrypt and decrypt data.

4
00:00:15,500 --> 00:00:18,710
After all we will not do it to each computer separately.

5
00:00:20,410 --> 00:00:28,150
In addition some embedded emergency mode is mandatory.

6
00:00:28,270 --> 00:00:33,850
What do you do in a situation when a user with encrypted data for or the user encrypted the entire disk

7
00:00:33,850 --> 00:00:36,170
himself forgets a password.

8
00:00:38,000 --> 00:00:41,770
For example the password that allows him to decrypt the disk

9
00:00:44,560 --> 00:00:50,010
there must be some way to decrypt data on the disk on behalf of the user.

10
00:00:50,010 --> 00:00:54,210
Of course this affects security because its based on trust to the administrator

11
00:00:57,310 --> 00:01:02,170
additional benefits of programs that encrypt the disks could be something like hiding the fact of the

12
00:01:02,170 --> 00:01:06,550
presence of data on the disk.

13
00:01:06,550 --> 00:01:10,730
This is something that has not been implemented in bit locker.

14
00:01:10,790 --> 00:01:18,090
This is something that makes your crypt stand out as compared to a bit Lucker your crypt has such functionality

15
00:01:18,360 --> 00:01:25,680
that when one disk is encrypted it will create a second disk encrypted with a different key.

16
00:01:25,760 --> 00:01:31,590
Since both these disks are encrypted the analysis of these disks content for example on the computer

17
00:01:31,590 --> 00:01:38,550
is off does not show any difference between one encrypted disk and the other.

18
00:01:38,710 --> 00:01:43,840
In general it should be maximum pseudo random data.

19
00:01:43,850 --> 00:01:49,730
Now if someone asks us to decrypt a disk in most cases those who are authorized to do so such as the

20
00:01:49,730 --> 00:01:56,120
police if they ask us we have the obligation to reveal to them the password for this type of security.

21
00:01:58,020 --> 00:02:04,660
If we have the password to one disk it will be decrypted and its content made available.

22
00:02:04,680 --> 00:02:10,080
If however we dont give a second password everything that was encrypted and was on the internal hard

23
00:02:10,080 --> 00:02:11,960
disk will remain invisible.

24
00:02:12,910 --> 00:02:13,990
At least in theory

25
00:02:17,310 --> 00:02:21,990
an additional advantage to disk encryption could also be checking the integrity of the computer.

26
00:02:23,380 --> 00:02:30,600
This function is only available in bit locker and is not available in true crypt its idea is that interference

27
00:02:30,600 --> 00:02:36,750
in the computer for example moving the hard disk or a change in the order of the starting devices causes

28
00:02:36,780 --> 00:02:39,080
automatic blocking of the encrypted disk

29
00:02:46,100 --> 00:02:48,220
we've already mentioned authenticity.

30
00:02:50,170 --> 00:02:57,010
We said that a signature is used for However in the case of disks that's not possible since the sector

31
00:02:57,010 --> 00:03:00,390
has a fixed sector size.

32
00:03:00,470 --> 00:03:06,290
We can't force manufacturers of hard disks and low level software to reserve for us a few extra bytes

33
00:03:06,290 --> 00:03:08,360
in each sector.

34
00:03:08,370 --> 00:03:13,650
We also can't write checksums to another sector since there are programs that are based on the fact

35
00:03:13,650 --> 00:03:15,540
that sectors are independent of each other

36
00:03:18,120 --> 00:03:26,840
examples of such programs or database servers which in their own way manage writing and reading it cannot

37
00:03:26,840 --> 00:03:32,060
be that a change in data in one sector causes their automatic change in another sector.

38
00:03:32,060 --> 00:03:34,400
This is what would happen if a check somewhere there

39
00:03:37,570 --> 00:03:41,150
we could solve the problem by artificially doubling the size of the sector.

40
00:03:41,360 --> 00:03:44,630
Then all the problems are solved.

41
00:03:44,690 --> 00:03:46,840
We have a lot of space for the checksum.

42
00:03:46,880 --> 00:03:52,160
In addition the operating system is only half of the sectors and there is no relationship between the

43
00:03:52,160 --> 00:03:55,310
sectors.

44
00:03:55,320 --> 00:04:01,610
Unfortunately we'd have to convince users that when buying for example a 500 gigabyte disk it really

45
00:04:01,610 --> 00:04:08,940
has to be 250 gigabytes we could meet some resistance.

46
00:04:09,030 --> 00:04:15,400
Therefore disk encryption software instead of using Macs signature's broadcast bits on as many sectors

47
00:04:15,400 --> 00:04:17,810
as possible.

48
00:04:18,030 --> 00:04:23,610
In addition to encryption specific sectors use keys to avoid simple mathematic relationship

49
00:04:32,350 --> 00:04:36,510
well then how can we encrypt our hard disk.

50
00:04:36,580 --> 00:04:44,240
The first decision we make is the choice of algorithm Most often we can choose Advanced Encryption Standard

51
00:04:44,750 --> 00:04:45,650
ABS

52
00:04:48,210 --> 00:04:54,970
this algorithm won the competition for a successor of the DSL got rhythm which was started in 1997 and

53
00:04:54,970 --> 00:04:57,180
lasted for the following three years.

54
00:04:59,260 --> 00:05:05,350
It was a moment in time when that was repeatedly proven that D.S. can be cracked in less than 24 hours.

55
00:05:07,230 --> 00:05:09,730
It was time for it to be changed.

56
00:05:09,730 --> 00:05:17,520
The change occurred through an open competition anyone could submit an algorithm proposal for three

57
00:05:17,520 --> 00:05:17,990
years.

58
00:05:17,990 --> 00:05:24,600
Professionals mathematicians and cryptographers analyze the actions of various algorithms and tried

59
00:05:24,600 --> 00:05:25,380
to crack them

60
00:05:27,990 --> 00:05:30,040
yes won the competition.

61
00:05:30,900 --> 00:05:35,090
Thus security was confirmed.

62
00:05:35,230 --> 00:05:45,270
In addition yes is relatively quick in so far as that we can use 128 keys.

63
00:05:45,290 --> 00:05:51,020
The disadvantage of ABS is that if we double the Keeling's the encryption and decryption process is

64
00:05:51,020 --> 00:05:56,810
clearly slowed down performance may be 40 or 50 percent lower.

65
00:05:58,470 --> 00:06:05,990
Without a doubt it's advantages it's resistance to certain sophisticated cryptanalysis attempts together

66
00:06:05,990 --> 00:06:09,390
with this more and more popular our single chip processors.

67
00:06:11,150 --> 00:06:17,720
They're both more powerful and more functional performing more and more tasks.

68
00:06:17,870 --> 00:06:25,210
We can use single chip processors to encrypt it turned out however the safe algorithms implemented in

69
00:06:25,210 --> 00:06:27,830
single chip processors are not that safe.

70
00:06:30,250 --> 00:06:36,010
You can get the key from them by analyzing the data transferred between individual blocks between physical

71
00:06:36,010 --> 00:06:39,670
devices soldered on the keyboard.

72
00:06:39,740 --> 00:06:44,360
Among other things you can see the power consumption of individual Microcircuits.

73
00:06:44,560 --> 00:06:50,930
This is important because certain operations require more power than others for example multiplication

74
00:06:50,930 --> 00:06:54,430
is more expensive than addition.

75
00:06:54,450 --> 00:07:00,180
There's also a relationship between the key and the cost of operation which can be precisely measured

76
00:07:00,180 --> 00:07:00,630
using.

77
00:07:00,630 --> 00:07:08,150
For example an oscilloscope multiplication by 0 for example is always faster and requires less resources

78
00:07:08,150 --> 00:07:10,450
than multiplication by any other number.

79
00:07:12,740 --> 00:07:17,930
Analyzing the data transferred between the modules conclusions can be made regarding the construction

80
00:07:17,930 --> 00:07:25,230
of the key an interesting fact is that in order to protect against such attacks the creators of the

81
00:07:25,230 --> 00:07:31,720
single chip solution started to protect critically important modules with paste after removing the housing

82
00:07:32,230 --> 00:07:39,600
immediately saw where the interesting modules are E.S. is designed to balance the number of different

83
00:07:39,600 --> 00:07:43,380
operations such as addition and multiplication.

84
00:07:43,410 --> 00:07:45,930
It's resistant to this type of analysis.

85
00:07:48,380 --> 00:07:54,430
When selecting an encryption algorithm we also have the choice of the serpent algorithm.

86
00:07:54,440 --> 00:08:01,960
This is just as safe as an ESL Garou of them are clearly much slower and nonstandard this algorithm

87
00:08:01,960 --> 00:08:04,090
took second place in the competition.

88
00:08:07,010 --> 00:08:09,730
The next algorithm is Twofish.

89
00:08:09,840 --> 00:08:14,700
This is Bruce Schneier algorithm who also participated in the competition.