Subject: Re: FUD about CGD and GBDE
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
From: Perry E. Metzger <perry@piermont.com>
List: tech-security
Date: 03/03/2005 19:49:03
"Poul-Henning Kamp" <phk@phk.freebsd.dk> writes:
> In message <87d5ugi9ht.fsf@snark.piermont.com>, "Perry E. Metzger" writes:
>>> MD5 was believed to be heavily understood in literature. It was
>>> well established. Look at what happened to it.
>>
>>Yup. And Roland made the algorithm you use for encrypting your disk
>>*pluggable*. That way, if AES is broken, you can replace it with the
>>next big thing and move on with your life.
>>
>>Now, if AES is indeed broken, GBDE is in serious trouble, but CGD is
>>not. Specific users of CGD have to change their drives, but the
>>framework continues to work as advertised.
>
> Gee Perry, now you're spreading FUD.
>
> You know perfectly well that it would take less than one hour to
> substitute another algorithm in the GBDE source code.

But you aren't built for that from the get-go. I would strongly
suggest you change that -- make your cipher a user configurable
component.

I also very strongly suggest that the biggest real threat you face
isn't someone cracking AES but key management issues. CGD is in some
sense largely a framework for letting you do all sorts of neat things
with key management in a disk encryption context. You may want to add
similar features -- the most practical attack against your system as
it stands is a dictionary attack.

-- 
Perry E. Metzger		perry@piermont.com
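The closing point of the message, that a passphrase-protected disk is exposed to a dictionary attack long before anyone breaks AES, comes down to how the passphrase becomes the disk key. The following is an added example, not code from this thread or from CGD or GBDE: it derives a key with PBKDF2-HMAC-SHA1 (the PKCS#5 v2 construction; function names, the salt length and the iteration counts are choices made here, not taken from either system) and calibrates the iteration count so that each guess costs the attacker the same fixed amount of work it costs the legitimate user. The attack cost scales linearly with that count, and nothing about the cipher changes it.

```python
"""Added example (not from the thread, CGD or GBDE): the cost of a
dictionary attack on a passphrase-derived disk key is set by the key
derivation function, so the iteration count is the tunable defence."""
import hashlib
import os
import time

# Constructed defaults; real deployments record salt and count per volume.
SALT_BYTES = 16
KEY_BYTES = 32


def derive_key(passphrase: str, salt: bytes, iterations: int,
               dklen: int = KEY_BYTES) -> bytes:
    """PBKDF2-HMAC-SHA1 (PKCS#5 v2). Same inputs always give the same key,
    which is what lets a volume be unlocked again; the per-volume salt
    stops one precomputed dictionary from serving every volume."""
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               salt, iterations, dklen)


def calibrate_iterations(target_seconds: float = 0.5,
                         probe_iterations: int = 20000,
                         floor: int = 1000) -> int:
    """Measure this machine and return an iteration count for which one
    derivation takes roughly target_seconds; never go below `floor`.
    The attacker pays the same per guess, so a dictionary of N entries
    costs about N * target_seconds on comparable hardware."""
    salt = os.urandom(SALT_BYTES)
    t0 = time.perf_counter()
    derive_key("calibration-only", salt, probe_iterations)
    elapsed = max(time.perf_counter() - t0, 1e-6)
    return max(floor, int(probe_iterations * target_seconds / elapsed))


def dictionary_cost_seconds(dictionary_size: int, iterations: int,
                            seconds_per_iteration: float) -> float:
    """Time to try every entry of a dictionary at a given per-iteration
    speed. Used below to contrast a 1-iteration hash with a tuned count."""
    return dictionary_size * iterations * seconds_per_iteration


if __name__ == "__main__":
    salt = os.urandom(SALT_BYTES)
    count = calibrate_iterations()
    key = derive_key("correct horse battery staple", salt, count)
    print(f"iterations={count} key={key.hex()}")

    # Per-iteration speed on this machine, then the cost of a constructed
    # 10-million-entry dictionary with and without stretching.
    t0 = time.perf_counter()
    derive_key("x", salt, count)
    per_iter = (time.perf_counter() - t0) / count
    for n in (1, count):
        print(f"{n:>8} iterations: {dictionary_cost_seconds(10_000_000, n, per_iter):.0f} s "
              f"to exhaust 10M guesses")
```

The RFC 6070 test vectors for PBKDF2-HMAC-SHA1 (password "password", salt "salt") let you confirm the derivation itself before trusting the calibration numbers.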