Subject: Re: FUD about CGD and GBDE
To: Perry E. Metzger <>
From: Poul-Henning Kamp <>
List: tech-security
Date: 03/04/2005 08:39:31
In message <>, "Perry E. Metzger" writes:

>My strong suggestion for you is that you adopt a similar approach --
>build a good framework that, given good algorithms, will provide
>security, and make it easy for users to change over if an algorithm

If you actually look at GBDE, you will see that any and all of the
algorithms can be changed.  They are used only in their most basic
capability.  This was part of the design from the start: not to
rely on any single-source algorithm.

>Well, so is stock AES 256. I don't see why I should assume your
>construction is any better. What do you know that the NIST/NSA review
>of AES did not know?

That neither the authors of Rinjdael, its reviewers, nor NIST are 
willing to offer a 25 year warranty on it.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.