while discussing with a colleague the idea came about the following encryption approach where I would like to hear your opinions about it.
Sensitive data could be encrypted by using some routine (e.g. xor; of course I knew that this offers none protection at all, but to pass the idea it's fine) which is used with a string chosen by the user. This string is nowhere stored, so it would not be possible to extract it somehow in the protected/ encrypted data with reverse engineering, DMA, etc.
When it is needed to decrypt the data (e.g. by booting an enrypted hdd) the user must enter the string which was chosen for encrypting it to receive the right data. If entering a wrong string the data still gets encrypted but with the supplied string and therefore resulting in garbage data.
Only attack point I came up with was with brute-forcing, but this should if chosen a strong encryption routine and string combo very time consuming, especially when you would have to reboot for every attempt.
Any thoughts on this? Is such a system already available or have I overlooked something (weakness)?
This was just an idea we came up with, however, as RSA etc. seems to be quite secure there wouldn't be really a need for this, just curious on other opinions.