Subject: Re: FUD about CGD and GBDE
To: ALeine <aleine@austrosearch.net>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 03/03/2005 17:14:46
On Wed, Mar 02, 2005 at 05:55:50PM -0800, ALeine wrote:
> 
> He designed GBDE to always be harder than and never easier
> to break than the cryptographic algorithms it relies on.

Some very well-intentioned (and plenty smart) people at MIT
designed the PCBC cipher mode to always be harder than and
never easier to break than the cryptographic algorithms it
relies on.  Don Coppersmith designed the CBCM mode to always
be harder than and never easier to break than the CBC mode
of the 3DES algorithm.

Unfortunately, all these well-intentioned and very intelligent
people were wrong.  The novel cryptographic modes they designed
to always be harder to break were in fact sometimes -- in fact,
in the case of PCBC, pretty much always -- easier to break than
the boring, ordinary, pedestrian constructions they were meant
to replace.

And after all those well meaning and clever people got burned
over the years, the consensus of the community of experts (as
I perceive it, anyway) gradually became that novel cryptographic
constructions should not be used in implementations until they
had been extensively studied over a period of many years by
experts.

Those who do not know the mistakes of the past are doomed to
repeat them.

Thor
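
[Added example, not part of Thor's post or of any code from the
thread.]  The PCBC failure Thor refers to is easy to show concretely.
PCBC was meant to propagate any ciphertext damage through to the end
of the message (so a trailing check block would catch tampering), and
the Kerberos v4 implementation from MIT relied on exactly that.  But
PCBC's chaining value is P_i XOR C_i, which is symmetric in the pair,
so swapping two adjacent ciphertext blocks garbles only those two
plaintext blocks and every block after them decrypts correctly; a
trailing checksum never sees the change.  Plain CBC, the "boring"
mode PCBC was supposed to improve on, at least garbles the block after
the swap as well.  The script below implements both modes over XTEA
(a pure-Python stand-in for DES; the property is one of the mode, not
the cipher), encrypts a constructed five-block message with a fixed
test key and IV, swaps ciphertext blocks 1 and 2, and reports which
plaintext blocks survive.

```python
"""
Added example (not from the original post): PCBC vs CBC under an
adjacent-ciphertext-block swap.

Block cipher: XTEA, 64-bit block / 128-bit key, pure Python so the demo
runs offline.  XTEA stands in for DES here; the weakness shown belongs
to the PCBC mode, not to the cipher.
"""
import struct

BLOCK = 8                 # XTEA block size in bytes
DELTA = 0x9E3779B9        # XTEA key-schedule constant
MASK = 0xFFFFFFFF


def xtea_encrypt_block(key: bytes, block: bytes, rounds: int = 32) -> bytes:
    """Standard XTEA encryption of one 8-byte block with a 16-byte key."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = 0
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
    return struct.pack(">2I", v0, v1)


def xtea_decrypt_block(key: bytes, block: bytes, rounds: int = 32) -> bytes:
    """Inverse of xtea_encrypt_block (same round structure run backwards)."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = (DELTA * rounds) & MASK
    for _ in range(rounds):
        v1 = (v1 - ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
        s = (s - DELTA) & MASK
        v0 = (v0 - ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
    return struct.pack(">2I", v0, v1)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _chunks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # C_i = E(P_i XOR C_{i-1}), C_0 = IV
    out, prev = [], iv
    for p in _chunks(pt):
        c = xtea_encrypt_block(key, xor(p, prev))
        out.append(c)
        prev = c
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    # P_i = D(C_i) XOR C_{i-1}: damage to C_i affects P_i and P_{i+1} only
    out, prev = [], iv
    for c in _chunks(ct):
        out.append(xor(xtea_decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def pcbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # C_i = E(P_i XOR P_{i-1} XOR C_{i-1}); chaining value starts at IV
    out, chain = [], iv
    for p in _chunks(pt):
        c = xtea_encrypt_block(key, xor(p, chain))
        out.append(c)
        chain = xor(p, c)
    return b"".join(out)


def pcbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    # P_i = D(C_i) XOR P_{i-1} XOR C_{i-1}.  The chaining value P_i XOR C_i
    # is symmetric in the block pair, which is the root of the swap weakness.
    out, chain = [], iv
    for c in _chunks(ct):
        p = xor(xtea_decrypt_block(key, c), chain)
        out.append(p)
        chain = xor(p, c)
    return b"".join(out)


MODES = {"cbc": (cbc_encrypt, cbc_decrypt), "pcbc": (pcbc_encrypt, pcbc_decrypt)}

# Constructed test material: fixed key and IV so the run is reproducible.
TEST_KEY = bytes(range(16))
TEST_IV = b"\x00" * BLOCK
TEST_PT = b"".join(b"block%03d" % n for n in range(5))   # five 8-byte blocks


def blocks_intact_after_swap(mode: str, i: int = 1, j: int = 2) -> list:
    """Encrypt TEST_PT in the given mode, swap ciphertext blocks i and j,
    decrypt, and return a per-block list of "decrypted correctly" flags."""
    enc, dec = MODES[mode]
    cb = _chunks(enc(TEST_KEY, TEST_IV, TEST_PT))
    cb[i], cb[j] = cb[j], cb[i]                     # the tampering
    pt2 = dec(TEST_KEY, TEST_IV, b"".join(cb))
    return [a == b for a, b in zip(_chunks(pt2), _chunks(TEST_PT))]


if __name__ == "__main__":
    for m in MODES:
        print(f"{m:5s} blocks intact after swapping C1,C2: {blocks_intact_after_swap(m)}")
```

Run as a script, CBC reports blocks 1, 2 and 3 destroyed, while PCBC
reports only blocks 1 and 2 destroyed and everything from block 3 on,
including any trailing check block, coming back exactly as sent.  That
is the sense in which the "stronger" mode turned out weaker than the
pedestrian one: an attacker who can reorder ciphertext can alter the
middle of a PCBC message without disturbing the integrity check the
mode was supposed to protect.  The general lesson of the post applies
directly: use a studied construction (today, an authenticated mode
such as AES-GCM, or CBC with a separate MAC over the ciphertext) rather
than inventing a chaining rule and reasoning informally about it.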