Subject: Re: FUD about CGD and GBDE
To: Poul-Henning Kamp <>
From: Thor Lancelot Simon <>
List: tech-security
Date: 03/03/2005 15:00:05

On Thu, Mar 03, 2005 at 08:25:18PM +0100, Poul-Henning Kamp wrote:
> At the time where I wrote GBDE, the best that was offered was CGD (and
> similar) and users (not cryptographers!) didn't trust it and history
> has so far repeated.

To quote David Hume, "Never an ought from an is."  That "users" (who
are they?  how many of them?  What criterion or criteria of trust
do they apply?) _did_ not trust X says precisely nothing about whether
users _should_ not trust X.

You seem to deny that there is a particular domain of expertise that is
cryptography, or perhaps more rightly two domains, one being largely
a subset of the other: how to design good cryptographic algorithms and
how to use good cryptographic algorithms safely.

Personally, I think that you ought to know better, and that your
insistence that there is no such expertise and that arbitrary users
(or programmers guided by the sentiment of such users) should feel just
as warranted to make recommendations about what other arbitrary users
should do, in this domain, is grossly irresponsible.  If you found out
that "most army ordnance officers believe that ball powder is superior
to IMR powder as a propellant in small-caliber rifle cartridges", would
you ignore the advice of the engineer who designed and tested your new
rifle that ball powder would cause the weapon to jam?  A lot of people
in Vietnam got dead that way: sometimes experts do know what they're
talking about, you know, and sometimes giving uninformed advice can
have extremely negative consequences.

You call Roland's criticisms of GBDE "handwaving".  It is very hard to
see how his specific refutations of the numerical claims of security
that you made in your GBDE paper should be rightly considered as such,
or why, on the basis of those false claims, you should continue to feel
confident that your advice on disk security is good advice.