FUD about CGD and GBDE

Perry E. Metzger perry at piermont.com
Thu Mar 3 20:52:49 GMT 2005


"Poul-Henning Kamp" <phk at phk.freebsd.dk> writes:
> In message <Pine.NEB.4.62.0503031436160.12890 at server.duh.org>, Todd Vierling writes:
>>On Thu, 3 Mar 2005, Poul-Henning Kamp wrote:
>>
>>> At the time where I wrote GBDE, the best that was offered was CGD (and
>>> similar) and users (not cryptographers!) didn't trust it
>>
>>Could you back up this claim, insofar that "users" did not trust cgd?  I
>>haven't seen any distrust of cgd -- in fact, I've seen quite a bit of
>>welcome acceptance of cgd by both users *and* cryptographers.
>
> Some of the people I talked to were very unhappy about the same key
> being used for all sectors on the disk.

Now, was that in the first day after cgd was committed or the second?
As I recall, you committed GBDE 48 hours after CGD was committed in
NetBSD. I'd be curious to hear about how much you changed your design
in that period in response to feedback on cgd. (Please correct me if
I'm wrong about the time gap.)

However:

> Some of the people I talked to were very unhappy about the same key
> being used for all sectors on the disk. Even a small weakness in
> the cipher becomes a big hole because of the amount of data this
> offers for analysis.

I think we've already established that this fear, though
understandable, is not a reasonable one under the circumstances. See
several postings already made. You are better off just using AES with
a longer key than the GBDE mechanism.

Perry


More information about the freebsd-hackers mailing list