FUD about CGD and GBDE

Perry E. Metzger perry at piermont.com
Fri Mar 4 14:02:59 GMT 2005 

"Poul-Henning Kamp" <phk at phk.freebsd.dk> writes:
> In message <87bra0grwe.fsf at snark.piermont.com>, "Perry E. Metzger" writes:
>>My strong suggestion for you is that you adopt a similar approach --
>>build a good framework that, given good algorithms, will provide
>>security, and make it easy for users to change over if an algorithm
>>falls.
>
> If you actually look at GBDE, you will see that any and all of the
> algorithms can be changed.  They are used only in their most basic
> capability.  This was part of the design from the start: not to
> rely on any single-source algorithm.

I understand that, but the point is to make it user friendly. CGD lets
you pick a number of crypto systems right now in its
configuration. You can pick multiple key lengths, methods of deriving
the key, etc.

I've read through things like the GBDE command man page, how-tos,
etc., and I found nothing that allows you to do stuff like change
cipher with GBDE. I also don't find support for things like
multi-factor authentication. All that could be added, of course, and I
encourage you to do it -- but my point is that it isn't there now and
you should look at doing it. If I can pick any one of several ciphers
and key lengths already or specify things like multi-factor
authentication, my apologies.

In any case, please understand that my goal is not to tell your users
that FreeBSD is garbage or anything like that. My goal is to get you
to improve what you have done. If you want to tell me I'm an idiot or
what have you, feel free, but I don't think that will serve your users
particularly well.

>>Well, so is stock AES 256. I don't see why I should assume your
>>construction is any better. What do you know that the NIST/NSA review
>>of AES did not know?
>
> That neither the authors of Rinjdael, its reviewers, nor NIST are 
> willing to offer a 25 year warranty on it.

No one rational will give a warranty on *any* encryption system for
*any* length of time. The best I can say, however, is that the US
government has approved the use of AES with 256 bit keys for very
highly secure communications, and they have a very demanding user
community.

Assuming that you can brute force a bit or two more key per year, and
assuming that better cryptanalytic techniques doubled that somehow,
you would still have many many years before 256 bit AES became a real
issue. Anyone rational attacking you will look at other flaws in your
system first.

-- 
Perry E. Metzger		perry at piermont.com

More information about the freebsd-hackers mailing list