[17019] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: comments wanted on gbde

daemon@ATHENA.MIT.EDU (Ivan Krstic)
Sun Mar 6 14:39:45 2005

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sat, 05 Mar 2005 19:24:55 +0100
From: Ivan Krstic <krstic@fas.harvard.edu>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: cryptography@metzdowd.com
In-Reply-To: <20050304213643.CB2603BFE41@berkshire.machshav.com>

Steven M. Bellovin wrote:
> With 
> the author's consent, I'm soliciting opinions from this group about it:
> http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf

I just gave the paper a quick read and am hoping this is not meant for 
production use. The key problems to me appear to be that:

- the paper claims added security through the added complexity, when 
that's almost always untrue
- standard algorithms are used for things they weren't meant to be used for
- the numbers for the amount of work to break this seem suspect 
(although, again, I only gave them a quick read)

Did PHK even solicit proper reviews before implementation? This looks 
like another case of a programmer - in this case, a really smart 
programmer - who decides to roll his own cryptosystem with no input from 
the crypto community. Terrible Idea. He would have likely been better 
off using, say, straight AES256 for the whole disk, without any of his 
own bells and whistles.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post