Subject: Re: FUD about CGD and GBDE
To: None <>
From: ALeine <>
List: tech-security
Date: 03/03/2005 18:29:39

wrote:

> I'm not going to defend what Thor said, nor do I even think it's
> worth discussing as it largely amounts to an "appeal to privileged
> knowledge."  
> However, this is some extremely sloppy thinking in your writing.

You do not understand what was said.

> To wit:
> On Thursday 03 March 2005 02:43, ALeine wrote:
> > At any time half of all the people are wrong about something,
> > it's only a matter of time when your time will come to be in the
> > wrong half or rather the right half to be wrong.
> That's a false dichotomy.  There are many subjects on which the
> vast majority of people agree (such as, I'll wager, the roundness
> of the Earth).

Have you ever heard of statistical probability distribution and the
logical principle of bivalence (tertium non datur)? If at any time
there are x people then exists (vertically mirrored E) such a
proposition P that for at least x/2 of the people the proposition
R "x is wrong about P" holds true. The people who are wrong and the
proposition(s) are dynamic and change with time but that property
remains true at all times in a system with sufficient propositions
and a large enough number of people. Q.E.D.

> It is being given a chance.  "Giving it a chance" does not mean
> "stepping back and ignoring it until someone publishes an exploit."

Giving it a chance does not mean spreading FUD about it and shouting
around "It's new, it must be bad! I have not even read the papers or
looked at the code myself, but I will criticize it because I like
NetBSD better!" If you want to really be constructive do something
that is constructive, analyze GBDE, write a paper, improve the code.
You're just adding noise to the discussion, you may as well have
commented on my punctuation marks.

> At least one weakness has been identified -- namely, using a weaker
> encryption mode for the key-key blocks can reduce the strength of
> the entire system. Or to put it metaphorically, "an algorithm is only
> as strong as its weakest link."

You really don't know what you're talking about, do you?

> > GBDE is not replacing anything because there was nothing like
> > it to replace in the first place.
> That's purely false.  There are several other disk encryption
> systems around.

You're right, IIRC PKZIP v1.10 had DES encryption back in 1990, someone
should have told PHK! :-P Please, get a clue, read PHK's papers.