Subject: Re: FUD about CGD and GBDE
To: ALeine <aleine@austrosearch.net>
From: Charles M. Hannum <abuse@spamalicious.com>
List: tech-security
Date: 03/03/2005 22:53:49
I'm not going to defend what Thor said, nor do I even think it's worth
discussing as it largely amounts to an "appeal to privileged knowledge."
However, this is some extremely sloppy thinking in your writing. To wit:
On Thursday 03 March 2005 02:43, ALeine wrote:
> At any time half of all the people are wrong about something, it's
> only a matter of time when your time will come to be in the wrong
> half or rather the right half to be wrong.
That's a false dichotomy. There are many subjects on which the vast majority
of people agree (such, as, I'll wager, the roundness of the Earth).
> Just because there is a tendency for new cryptographic systems to
> be broken does not mean this applies to GBDE, otherwise anything
> new would be considered wrong and we might as well stop even trying
> to innovate. Give GBDE a chance.
It is being given a chance. "Giving it a chance" does not mean "stepping back
and ignoring it until someone publishes an exploit." At least one weakness
has been identified -- namely, using a weaker encryption mode for the key-key
blocks can reduce the strength of the entire system. Or to put it
metaphorically, "an algorithm is only as strong as its weakest link."
> GBDE is not replacing anything because there was nothing like it to
> replace in the first place.
That's purely false. There are several other disk encryption systems around.