Subject: Re: FUD about CGD and GBDE
To: Poul-Henning Kamp <email@example.com>
From: Richard Coleman <firstname.lastname@example.org>
Date: 03/03/2005 12:31:56
Poul-Henning Kamp wrote:
> I fully agree with you about the philosophical points, but not on
> the implications.
> I can not convince myself that encrypting a 40 GB disk sector by
> sector using the same key, even if it is 256 bits, is a safe design.
> You seem to belive otherwise.
> And that's where it ends.
> Have a good life.
I don't want to get in the middle of the GBDE/CGD debate, but my
understanding is that the amount of material you can encrypt with a
single key is dependent on the block size and (possibily the) cipher
mode, not the key size.
For instance, the NIST specification for AES and CCM mode (NIST Special
Publication 800-38C) specifically states that you must limit the number
of invocations of the block cipher (specifically AES) to 2^61. Now, I
realize that is an upper bound. But even after removing several orders
of magnitude, that leaves a huge amount of material you can encrypt with
a single key.
Just throwing out a data point.