Subject: Re: FUD about CGD and GBDE
To: Perry E. Metzger <email@example.com>
From: Poul-Henning Kamp <firstname.lastname@example.org>
Date: 03/03/2005 22:08:46
In message <email@example.com>, "Perry E. Metzger" writes:
>> There is a world out here that's called the IT industry.
>Yes, there is. They routinely deploy bad security because they don't
>get people who know what they are doing involved. See WEP, for
>example, or a thousand other things.
Yes, it would really be desirable for the cryptographers to come
down from their Mount Olympus more often. Too bad they never
answer invitations :-(
>I have no idea what you're talking about,
Thanks for confirming what I wrote just a second ago above.
>If you're talking about MD5 which is used in many modern Unixes, it
>was done by Ron Rivest, and even though he's really good, it has
>recently been (quite badly) broken.
>> At the time where I wrote GBDE, the best that was offered was CGD (and
>> similar) and users (not cryptographers!) didn't trust it and history
>> has so far repeated.
>I have no idea what you are talking about here.
>> I can add another property of the elite society of cryptographers:
>> if you are not a card carrying member of their society, the majority
>> of their members can not even be bothered to reply to an email from
>> an outsider. This does hamper communication a bit.
>Actually, you can show up at any crypto conference you like,
I have a better idea: Why don't we get the cryptographers to
show up at computer science conferences ? That would get the
gospel out to a far wider crowd without spoiling the highly
specialized conferences for the cryptographers.
>> Maybe the problem is that cryptographers, like true computer
>> scientists, write in nothing less portable than pencil number two ?
>It is rare to see a new algorithm show up from someone like Ron Rivest
>without some C code also appearing. That's pretty common in the crypto
>world. When the Chinese team that cracked a bunch of hash algorithms
>last summer presented their work, they had worked examples of their
You seem to misunderstand something: Computer users don't call MD5
directly. They use software which makes the calls for them. Sometimes
this software has a goal which is different from calling crypto
algorithms, in fact some of them even have the impropriety of
regarding the crypto algorithms as mere tools.
>I think you don't quite get the point.
There are many points not being got here.
>1) No one claims that you need to be a cryptographer to write
> something like GBDE. What is being claimed is that you should not
> have invented your own cryptographic modes, and that you might have
> wanted to ask some professionals about your approach.
You have not actually studied GBDE yet, right ? You don't actually
know if I invented my own "cryptographic modes" or not, do you ?
>2) CGD *has* been looked at by a bunch of people, and was written to
> carefully use standard algorithms in a standard way. If you don't
> like using NetBSD code because NetBSD people have cooties, fine --
> I don't care, write your own. However, you should at least pay the
> same attention to conservative use of cryptographic algorithms and
> having people review your work is a good idea, too.
Even if I were alone in the world with the sentiment, I would never
call CGD's use of the same key for all sectors "conservative".
>3) You've made some very bizarre claims about the security of your
> system. Some of these claims have already been shown on their face
> to be incorrect, such as your claimed work factor for breaking your
> new "improved" crypto modes.
Sorry, they have only been disproved in a significantly larger universe
than the one my users inhabit. That doesn't count to me.
> Instead, he admitted his mistakes and wrote a version 2.
Any qualified, factually correct critique of GBDE will be taken very
seriously by me. I am very much looking forward to it. What Roland
has provided is not it.
> Are your users better served by you digging in your heels and
> saying "GBDE is perfect as it is",
Now, there is one thing I have never said and would never say.
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.