Subject: Re: FUD about CGD and GBDE
To: None <,,>
From: Thor Lancelot Simon <>
List: tech-security
Date: 03/03/2005 16:01:13
On Thu, Mar 03, 2005 at 09:41:53PM +0100, Poul-Henning Kamp wrote:
> In message <>, Thor Lancelot Simon writes:
> >On Thu, Mar 03, 2005 at 08:25:18PM +0100, Poul-Henning Kamp wrote:
> >To quote David Hume, "Never an ought from an is."
> I'm Danish by birth so english is only my second language, so I
> apologize for mangling it.

To be clear, the question is hardly one of linguistics.  Perhaps if I
call the reasoning mistake in question "the naturalistic fallacy" it
will be more familiar to you than if I just use the common paraphrase
from Hume?

What I am trying to get across is that you argued from what some
(poorly-specified) group of people _do_ believe (that "cgd", though
it had existed for precisely two days when you checked GBDE into the
FreeBSD source tree, so this seems unlikely in the extreme, was
not secure) to what everyone _should_ believe (that in fact it is
not secure).  That's not a kind of reasoning I find very persuasive.

> But in difference from everybody else (it seems) I also asked users
> and administrators what they needed and wanted from a cryptographic
> disk facility.

Unfortunately, you seem to assume that "users and administrators" were,
in general, capable of correctly turning their abstract goals about
avoiding risk into concrete principles of cryptosystem design.  I would
submit, in fact, that this is precisely the expertise that you do not
acknowledge exists.

> And then I tried very hard to engage somebody with the right
> union-card to do a review for me, and despite the fact that funding
> were available under the DARPA contract nobody would bite.

That surprises me, since I didn't see any such attempt at engagement
in any of the usual places where such experts communicate (I will
leave your "crypto-clergy" and "union-card" rhetoric aside).  Did
you solicit review on the cryptography mailing list?  On sci.crypt?
At conferences or in journals?

You say that experts told you that they were concerned about the
amount of data being encrypted with a single key in prior-art
cryptosystems.  Did it occur to you that, at the time, almost all
such cryptosystems used algorithms with a 64 bit block size, and
that that precise concern motivated the increase in block size in
newer ciphers, including AES?