Subject: Re: FUD about CGD and GBDE
To: None <>
From: ALeine <>
List: tech-security
Date: 03/02/2005 13:52:19 wrote: 

> In message <>, Thor Lancelot Simon
> writes:
> Where I come from "home-grown" is not derogative.  All
> cryptosystems are by necessity home-grown for somebody somewhere.

I second that, standards do not come into existence out of thin
air and we might get to see the day when GBDE becomes a standard.
Now I'm waiting for someone to say that's only how we Europeans
think eventhough we have no common identity as Europeans.

> >Generally, complexity is not considered a desirable property in
> >cryptosystems.  GBDE violates this rule in spades.  There are
> >_reasons_ why complexity is not good: to begin with, a very complex
> >cryptographic construct will require detailed analysis (which it
> >does not appear GBDE has had by anyone but its author until Roland
> >started looking at it) in order that we may know that it is even as
> >secure as the underlying algorithmic building blocks it uses.
> Both Lucky Green and David Wagner has nodded vertical on GBDE.

I trust the professional opinions of both Lucky Green and David Wagner
at least an order of magnitute more than that of Roland Dowdeswell,
especially after this discussion.

Just what exactly is it about GBDE that is complex? You could explain
the concepts behind GBDE to a 12 year old and they would understand
them. The complexity lies not in analyzing GBDE but in breaking it.
You can analyze it to see how you could break it, but breaking it is
something that goes way beyond brute forcing individual sectors.
CGD, on the other hand, is the perfect victim for such brute forcing.

> I can not convince myself that encrypting a 40 GB disk sector by
> sector using the same key, even if it is 256 bits, is a safe
> design.

Neither can I, which is why I will base my work on GBDE.


P.S.: All you people cross-posting out there please cross-post
      properly (CC me). :->
WebMail FREE