If I have several startup keys (.FVE files) for different Vista machines on one USB flash drive, how does each machine know which one is correct? Is the filename recorded somewhere in the unencrypted portion of the drive? Or does it simply try all the possible .FVE files until it finds the lucky winner?
Thanks,

Vista: Multiple Startup Keys on one USB flash drive
Good question :)
There are a number of layers to the answer.
(1) The filename uses a GUID. Each key protector (refer to the WMI interface) is referenced by a GUID; these are the same GUID.
(2) The structure of the binary file contains both the GUID of the encrypted volume and the GUID of the key protector.
(3) When decrypting the VMK, AES/CCM is used with a 256-bit AES key. This is an industry-standard algorithm that contains a nonce and a MAC (message authentication check). If the startup key was wrong, then the MAC part of the AES/CCM algorithm detects this and causes a failure.
(4) Should 1-3 fail, then the data would be decrypted incorrectly into gibberish :) Thankfully 1-3 prevents (4).
- Jamie Hunter [MS]
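The layered check described in the answer above, as an added example that is not part of the original thread and is not code from Microsoft: the key file is found by protector GUID, the GUIDs stored inside it are compared with the volume's, and AES-256-CCM tag verification rejects a wrong key. The object layout, the function names and the GUID values are assumptions made for this illustration, not BitLocker's real file format.

```javascript
// Added illustration using a simplified model; this is not BitLocker's real file format.
const nodeCrypto = require('crypto');

// Encrypt a volume master key (VMK) under a 256-bit startup key with AES-CCM.
function wrapVmk(startupKey, vmk) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-ccm', startupKey, nonce, { authTagLength: 16 });
  const ciphertext = Buffer.concat([c.update(vmk), c.final()]);
  return { nonce, ciphertext, tag: c.getAuthTag() };
}

// Returns the VMK, or null when the CCM MAC does not verify (wrong key or altered data).
function unwrapVmk(startupKey, { nonce, ciphertext, tag }) {
  const d = nodeCrypto.createDecipheriv('aes-256-ccm', startupKey, nonce, { authTagLength: 16 });
  d.setAuthTag(tag);
  try {
    const vmk = d.update(ciphertext);
    d.final(); // throws when the tag check fails
    return vmk;
  } catch {
    return null;
  }
}

// Layers 1-3: match the filename GUID, compare the GUIDs inside the file, then verify the MAC.
function unlock(volume, usbFiles) {
  for (const p of volume.protectors) {
    const f = usbFiles.find((x) => x.name === `${p.protectorGuid}.FVE`);
    if (!f || f.volumeGuid !== volume.volumeGuid || f.protectorGuid !== p.protectorGuid) continue;
    const vmk = unwrapVmk(f.key, p.wrapped);
    if (vmk) return { file: f.name, vmk };
  }
  return null; // no usable startup key on this drive
}

// Constructed sample data: the GUIDs are made up and the keys are random.
function makeMachine(volumeGuid, protectorGuid) {
  const [key, vmk] = [nodeCrypto.randomBytes(32), nodeCrypto.randomBytes(32)];
  const file = { name: `${protectorGuid}.FVE`, volumeGuid, protectorGuid, key };
  const volume = { volumeGuid, protectors: [{ protectorGuid, wrapped: wrapVmk(key, vmk) }] };
  return { file, volume, vmk };
}

const a = makeMachine('11111111-0000-0000-0000-000000000001', 'AAAAAAAA-0000-0000-0000-000000000001');
const b = makeMachine('22222222-0000-0000-0000-000000000002', 'BBBBBBBB-0000-0000-0000-000000000002');
const usb = [b.file, a.file]; // both startup keys on one flash drive
console.log('A picks', unlock(a.volume, usb).file, '| B picks', unlock(b.volume, usb).file);
// A file carrying A's GUIDs but B's key passes layers 1-2 and is stopped by the MAC.
console.log('wrong key under the right name:', unlock(a.volume, [{ ...a.file, key: b.file.key }]));
```

The last call returns null: with the GUID checks satisfied, only the CCM tag stands between a wrong key and the "gibberish" case in point (4).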
Thanks again, Jamie.
I must give credit to my very inquisitive and bright colleagues for these questions. ;-)