Subject: Re: FUD about CGD and GBDE
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 03/03/2005 16:41:50
On Thu, Mar 03, 2005 at 10:15:55PM +0100, Poul-Henning Kamp wrote:
>
> And if CGD is _so_ officially approved as you say, then I can not
> for the life of me understand how it can use the same key to generate
> the IV and perform the encryption. At the very least two different
> keys should have been used at the "expense" of making the masterkey
> 512 bits instead of 256.
Why "should" two different keys have been used? It is possible that I
misunderstand the underlying theory, but so far as I do understand it
the only real requirement for IVs is that the Hamming distance between
any two used with the same encryption key be large.
Are you concerned about a key recovery attack? If so, can you give
an outline of how it would work?
--
Thor Lancelot Simon tls@rek.tjls.com
"The inconsistency is startling, though admittedly, if consistency is to be
abandoned or transcended, there is no problem." - Noam Chomsky
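The construction the two messages argue about, written out as an added example (not code from CGD, GBDE or either author): the IV for a sector is the block number encrypted with some key, and the sector is then CBC-encrypted under the data key with that IV. Passing the same slice as both keys models the single-key design PHK questions; passing the two halves of a constructed 512-bit master key models the alternative he proposes. The 512-byte sector size, the little-endian zero-padded block-number layout and the sample key and sector contents are assumptions made for the example, not a statement of CGD's exact on-disk format.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
	"math/bits"
)

// Sector size assumed for the example; 512 bytes is a convenient stand-in
// for whatever block size the underlying device uses.
const sectorSize = 512

// sectorIV models an encblkno-style IV: the block number, little-endian and
// zero-padded to one AES block, encrypted under ivKey. The layout is an
// assumption of this example, not a claim about CGD's implementation.
func sectorIV(ivKey []byte, blkno uint64) ([]byte, error) {
	blk, err := aes.NewCipher(ivKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, blk.BlockSize())
	binary.LittleEndian.PutUint64(iv, blkno)
	blk.Encrypt(iv, iv) // in place: iv now holds E_ivKey(blkno)
	return iv, nil
}

// encryptSector CBC-encrypts one sector under dataKey with the IV derived
// above. With ivKey == dataKey the IV is the encryption of a known value
// under the data key itself, which is the single-key design under discussion.
func encryptSector(ivKey, dataKey []byte, blkno uint64, plain []byte) ([]byte, error) {
	if len(plain)%aes.BlockSize != 0 {
		return nil, errors.New("sector length must be a multiple of the AES block size")
	}
	iv, err := sectorIV(ivKey, blkno)
	if err != nil {
		return nil, err
	}
	blk, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(plain))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, plain)
	return out, nil
}

// decryptSector is the inverse of encryptSector for the same keys and block number.
func decryptSector(ivKey, dataKey []byte, blkno uint64, ct []byte) ([]byte, error) {
	if len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext length must be a multiple of the AES block size")
	}
	iv, err := sectorIV(ivKey, blkno)
	if err != nil {
		return nil, err
	}
	blk, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(ct))
	cipher.NewCBCDecrypter(blk, iv).CryptBlocks(out, ct)
	return out, nil
}

// hamming counts the differing bits between two equal-length byte slices,
// the measure Thor's reply refers to. a and b must have the same length.
func hamming(a, b []byte) int {
	n := 0
	for i := range a {
		n += bits.OnesCount8(a[i] ^ b[i])
	}
	return n
}

func main() {
	// Constructed 512-bit master key for demonstration only; never use a
	// predictable key like this for real data.
	master := make([]byte, 64)
	for i := range master {
		master[i] = byte(i)
	}
	ivKey, dataKey := master[:32], master[32:]
	plain := bytes.Repeat([]byte{'A'}, sectorSize) // constructed sector contents

	for _, blkno := range []uint64{0, 1, 2} {
		ivTwoKey, _ := sectorIV(ivKey, blkno)   // separate IV key (512-bit master key)
		ivOneKey, _ := sectorIV(dataKey, blkno) // IV derived under the data key itself
		fmt.Printf("blk %d two-key IV %x  one-key IV %x\n", blkno, ivTwoKey, ivOneKey)
	}
	iv0, _ := sectorIV(ivKey, 0)
	iv1, _ := sectorIV(ivKey, 1)
	fmt.Printf("Hamming distance between IVs for blocks 0 and 1: %d of 128 bits\n", hamming(iv0, iv1))

	ct, _ := encryptSector(ivKey, dataKey, 0, plain)
	pt, _ := decryptSector(ivKey, dataKey, 0, ct)
	fmt.Println("roundtrip ok:", bytes.Equal(pt, plain))
}
```

Running it shows the point both sides take for granted: two sectors holding identical plaintext at different block numbers encrypt to different ciphertext in either variant, because the block-number-derived IVs differ. What the example also makes visible is where the two designs diverge: in the single-key variant the value `sectorIV` returns is itself an AES encryption of a known, attacker-predictable plaintext (the block number) under the data key, whereas with a separate IV key the data key is never applied to a known input outside the CBC chain.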