In message <Pine.NEB.4.62.0503031436160.12890@server.duh.org>, Todd Vierling writes:
>On Thu, 3 Mar 2005, Poul-Henning Kamp wrote:
>
>> At the time where I wrote GBDE, the best that was offered was CGD (and
>> similar) and users (not cryptographers!) didn't trust it
>
>Could you back up this claim, insofar that "users" did not trust cgd?  I
>haven't seen any distrust of cgd -- in fact, I've seen quite a bit of
>welcome acceptace of cgd by both users *and* cryptographers.

Some of the people I talked to were very unhappy about the same key
being used for all sectors on the disk.  Even a small weakness in
the cipher becomes a big hole because of the amount of data this
offers for analysis.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.