Subject: Re: FUD about CGD and GBDE
To: Poul-Henning Kamp <>
From: Thor Lancelot Simon <>
List: tech-security
Date: 03/03/2005 16:41:50

On Thu, Mar 03, 2005 at 10:15:55PM +0100, Poul-Henning Kamp wrote:
> And if CGD is _so_ officially approved as you say, then I can not
> for the life of me understand how it can use the same key to generate
> the IV and perform the encryption.  At the very least two different
> keys should have been used at the "expense" of making the masterkey
> 512 bits instead of 256.

Why "should" two different keys have been used?  It is possible that I
misunderstand the underlying theory, but so far as I do understand it
the only real requirement for IVs is that the Hamming distance between
any two used with the same encryption key be large.

Are you concerned about a key recovery attack?  If so, can you give
an outline of how it would work?

 Thor Lancelot Simon

"The inconsistency is startling, though admittedly, if consistency is to be
 abandoned or transcended, there is no problem."		- Noam Chomsky