Subject: Re: FUD about CGD and GBDE
To: ALeine <>
From: Charles M. Hannum <>
List: tech-security
Date: 03/03/2005 22:53:49
I'm not going to defend what Thor said, nor do I even think it's worth 
discussing as it largely amounts to an "appeal to privileged knowledge."  
However, this is some extremely sloppy thinking in your writing.  To wit:

On Thursday 03 March 2005 02:43, ALeine wrote:
> At any time half of all the people are wrong about something, it's
> only a matter of time when your time will come to be in the wrong
> half or rather the right half to be wrong.

That's a false dichotomy.  There are many subjects on which the vast majority 
of people agree (such, as, I'll wager, the roundness of the Earth).

> Just because there is a tendency for new cryptographic systems to
> be broken does not mean this applies to GBDE, otherwise anything
> new would be considered wrong and we might as well stop even trying
> to innovate. Give GBDE a chance.

It is being given a chance.  "Giving it a chance" does not mean "stepping back 
and ignoring it until someone publishes an exploit."  At least one weakness 
has been identified -- namely, using a weaker encryption mode for the key-key 
blocks can reduce the strength of the entire system.  Or to put it 
metaphorically, "an algorithm is only as strong as its weakest link."

> GBDE is not replacing anything because there was nothing like it to
> replace in the first place.

That's purely false.  There are several other disk encryption systems around.