[17019] in cryptography@c2.net mail archive
Re: comments wanted on gbde
daemon@ATHENA.MIT.EDU (Ivan Krstic)
Sun Mar 6 14:39:45 2005
X-Original-To: cryptography@metzdowd.com
Date: Sat, 05 Mar 2005 19:24:55 +0100
From: Ivan Krstic <krstic@fas.harvard.edu>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: cryptography@metzdowd.com
In-Reply-To: <20050304213643.CB2603BFE41@berkshire.machshav.com>
Steven M. Bellovin wrote:
> With
> the author's consent, I'm soliciting opinions from this group about it:
>
> http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
I just gave the paper a quick read and am hoping this is not meant for
production use. The key problems to me appear to be that:
- the paper claims added security through the added complexity, when
that's almost always untrue
- standard algorithms are used for things they weren't meant to be used for
- the numbers for the amount of work to break this seem suspect
(although, again, I only gave them a quick read)
Did PHK even solicit proper reviews before implementation? This looks
like another case of a programmer - in this case, a really smart
programmer - who decides to roll his own cryptosystem with no input from
the crypto community. Terrible Idea. He would have likely been better
off using, say, straight AES256 for the whole disk, without any of his
own bells and whistles.
Cheers,
Ivan.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com