Subject: Re: FUD about CGD and GBDE
To: Poul-Henning Kamp <>
From: Perry E. Metzger <>
List: tech-security
Date: 03/03/2005 19:49:03
"Poul-Henning Kamp" <> writes:
> In message <>, "Perry E. Metzger" writes:
>>> MD5 was believed to be heavily understood in literature. It was
>>> well established. Look at what happened to it.
>>Yup. And Roland made the algorithm you use for encrypting your disk
>>*pluggable*. That way, if AES is broken, you can replace it with the
>>next big thing and move on with your life.
>>Now, if AES is indeed broken, GBDE is in serious trouble, but CGD is
>>not. Specific users of CGD have to change their drives, but the
>>framework continues to work as advertised.
> Gee Perry, now you're spreading FUD.
> You know perfectly well that it would take less than one hour to
> substitute another algorithm in the GBDE source code.

But you aren't built for that from the get-go. I would strongly
suggest you change that -- make your cipher a user configurable

I also very strongly suggest that the biggest real threat you face
isn't someone cracking AES but key management issues. CGD is in some
sense largely a framework for letting you do all sorts of neat things
with key management in a disk encryption context. You may want to add
similar features -- the most practical attack against your system as
it stands is a dictionary attack.

Perry E. Metzger