perry@piermont.com wrote: 

> > You are mistaking people who design cryptographic algorithms
> > and those who design cryptographic systems which integrate those
> > algorithms into functional systems.
> 
> No, I am not. PHK invented new cryptographic modes for his work.
> The fact that he does not understand this is part of the problem.

He designed GBDE to always be harder than and never easier
to break than the cryptographic algorithms it relies on. Not
only that, but it does not rely exclusively on any single
cryptographic algorithm and it does not reuse keys, both of
which CGD is guilty of.

> > Would you care to explain what qualifies Roland as a more
> > competent cyrptographic system designer than PHK?
> 
> Roland didn't try to do anything that wasn't already heavily
> understood in the literature. He invented no cryptographic modes.
> He used only algorithms that have been pre-vetted. He also asked a
> bunch of people who know better than he does to check his work.
> 
> Thus, you don't have to trust Roland at all. He didn't invent any
> new way of using any of the algorithms. You have to trust only the
> designers of the block cipher you choose to use (I'd suggest AES)
> and the password algorithm you choose to use (though the PKCS stuff
> is very good already). In order to permit even greater defense
> against key cracking, he put in a very standard and straightforward
> mechanism to permit N factor authentication.

MD5 was believed to be heavily understood in literature. It was
well established. Look at what happened to it. The fact that Roland
did not invent any new ways of using algorithms does not mean that
CGD is more secure. In fact, IMHO it is less secure because it uses
the same key for the entire disk and because it reuses the same key
for IV generation and encryption.

You have to trust Roland to integrate the well known and understood
algorithms in a correct way, trusting the algorithms alone is not
enough. In that regard, I would rather trust PHK's proven and very
well established track record as a programmer than Roland's. To be
honest, the first time I heard of Roland was when I found out about
CGD, I have not seen his name mentioned in any other reference before.
On the other hand, I have known about PHK being an excellent programmer
for at least a decade now.

> > There is a reason everything happens so slowly in the academic
> > circles. Everyone is trying to cover their asses and trying so
> > hard not to be wrong that they analyze everything ad nauseum.
> 
> No. You Do Not Understand.

I am speaking from personal experience and I know very well what
the academic circles are like, at least in Europe.
 
> Are you as good a cryptographer as Ron Rivest? I certainly am
> not. Somehow, however, MD5 has been crushed anyway. This is not
> unusual. Cryptographic algorithms are not like sorting algorithms
> or graph traversal algorithms. When you're doing 3DES, it is not
> obvious that doing the CBC on the outside instead of between the
> rounds is critical to good security -- indeed it wasn't obvious
> even to trained cryptographers.

I am not designing cryptographic algorithms, what PHK did with
GBDE cannot be compared to inventing MD5, snap out of it, you
are starting to sound like a broken record.
 
> If you aren't as good as Ron Rivest, then why are you expecting
> to design a new cryptographic mode on your first try without any
> issues arising?

It is your unfounded assumption that one has to get it perfectly
right in the first try, not mine or PHK's, AFAIK. Again, we are
not discussing the invention of the successor to SHA.

> WEP is even weaker than its design. That is because its designers
> did not know what they were doing.

I assure you PHK knows very well what he is doing and I think you
should not mention his name in the same breath along with the names
of the designers of WEP.

> Inventing new cryptographic modes is dangerous.

Living is dangerous, today you are here, tomorrow you might get
hit by a bus. But that does not mean you will stay inside your
house where you are safe (at least from buses) forever, does it?

> Anyone can get a paper published at Crypto or Eurocrypt. You need
> no PhD or other credentials. All you have to do is have something
> interesting to say. People who are "outsiders" get stuff
> published. Your claim is baseless.

Getting a paper published does not mean much. Do you know how many
papers get published at various conferences in Europe and nobody
ever even reads them, let alone implements any of the ideas in a
production environment?

> In general, geeks are meritocratic. Crypto people are not unlike
> other geeks. If you find that crypto people laugh at you, it is
> probably not because you don't know the right people, but because
> you put your foot in your mouth and swallowed hard.

In general, all generalizations are wrong, including this one.

ALeine
___________________________________________________________________
WebMail FREE http://mail.austrosearch.net