Subject: Re: FUD about CGD and GBDE
To: None <elric@imrryr.org>
From: ALeine <aleine@austrosearch.net>
List: tech-security
Date: 03/04/2005 12:45:22
```Someone from the NetBSD community who wishes to remain unnamed sent
me the following email, so I thought I would comment on it here because
there seem to be many others who are confused about the same issue.

> My thinking is that for each of 2^30 sectors, you're looking for
> one of 2^128 keys.  So for sector 0, 2^128 keys.  For sector 1,
> 2^128 keys.  For sector 2, 2^128 keys.  That 3 sectors and 3 * 2^128
> keys.  2^30 sectors: 2^30 * 2^128 keys, 2^(30+128) = 2^158.

That assumption is wrong, sectors are not completely independent data,
they are connected in such a way that if you want the entire disk, you
want the right variation of all the keys for all of the sectors on that
disk.

In a 128 bit key, each bit can be either 0 or 1. How many key variations
exist? The number of possible values a bit can have to the power of the
number of bits in the key (key length in bits), which is:

2^128

Now, on a disk consisting of 2^30 sectors, each sector can be encrypted
with one of 2^128 possible keys. How many disk variations exist? The
number of possible keys for a single sector to the power of the number
of sectors in a disk (disk size in sectors), which is:

(2^128)^(2^30) = 2^(128*2^30) = 2^(2^37) = 2^137438953472

Let me give you an example. Let's say you are looking for an English
3 letter word. The English alphabet has 26 letters, so if you were to
try to guess that word by brute forcing it, how many attempts would it
take to try all the variations?

The following perl script will answer that question by enumerating and
listing all the variations.

<script>
#!/usr/bin/perl

foreach \$x (A..Z) {
foreach \$y (A..Z) {
foreach \$z (A..Z) {
\$i++;
print "\$i \$x\$y\$z\n";
}
}
}
</script>

As you can see there are 17576 (26^3) and not 78 (3*26) variations,
as some falsely believe. The same can be applied to sectors. You could
argue that once you assume you have the right letter you might be able
to guess another letter because the number of valid three letters
words is a known subset of all the variations and because you know
that the entropy of the English language is low (around 2.1 bits/letter),
but even when you take those facts and apply them to sectors you will
see that it would take much more than 2^158 steps to brute force GBDE
because although the sectors are structured and you could guess a lot,
the data entropy is not zero.

ALeine
___________________________________________________________________
WebMail FREE http://mail.austrosearch.net
```