Subject: Re: FUD about CGD and GBDE
To: None <>
From: Poul-Henning Kamp <>
List: tech-security
Date: 03/03/2005 19:31:20
In message <>, Thor Lancelot Simon writes:

>It also uses MD5 in a way that I would characterize as not exactly

The only role MD5 has is as a bit-blender.  Any strength it may
add is just a bonus.

>Indeed, the large number of algorithms
>used in the keying and encryption process for any block in GBDE
>does not necessarily increase its security: in fact, certain
>kinds of flaws in any one of those algorithms could in fact make
>the decryption of any particular block _more_ likely -- and Roland
>has pointed out how the design of GBDE allows such failures to
>cascade through the entire set of encrypted data.

I'm very much looking forward to Rolands analysis as compared to
his hand-waving.

>The very complexity of your system makes it very, very
>difficult to evaluate just how secure it is, and you seem to think
>that that is a benefit: comparing the incommensurables "I don't
>believe" and "I don't know, but I suspect", you land on the side of
>"I suspect".

I invite you to analyse GBDE, and once you have determined which
kinds of vulnerabilities in the compontent ciphers it would require
before "the house of cards come tumbling down".

Then, before you fly off the handle like Roland did, take a moment
to consider what else those flaws would doom.

Then report your findings in a professional way.

The argument I hear right now is "I have not bothered to actually
analyse GBDE at all but I heard there were a neck-tie party going
on so I thought'd I'd lend them a hand since it is nobody I know".

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.