[17025] in cryptography@c2.net mail archive

Re: comments wanted on gbde

daemon@ATHENA.MIT.EDU (Roland Dowdeswell)
Sun Mar 6 14:47:32 2005

X-Original-To: cryptography@metzdowd.com
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: cryptography@metzdowd.com
In-reply-to: Your message of "Fri, 04 Mar 2005 16:36:43 EST."
             <20050304213643.CB2603BFE41@berkshire.machshav.com> 
Date: Sun, 06 Mar 2005 14:39:50 -0500
From: Roland Dowdeswell <elric@imrryr.org>

I have started writing up a bit of an analysis of GBDE, which I
would like to have people comment on before I continue with it.
I.e. am I onto something here or not? I wrote this up very quickly
over a few sleepless nights while trying to get my normal work done
before I left on vacation, so please bear with me.  The explanations
are rather empirical.  I am planning to put some mathematics in
there eventually.  At least after I return from my vacation.

I think that I have demonstrated that there are weak master keys
which can be used to construct an attack in < 2^128 steps on
individual sectors.  I also discuss dictionary attacks and construct
another attack which is more difficult than brute forcing each
sector, but a little less time consuming than GBDE's author claims
it should be.

The URL is:

	http://www.imrryr.org/~elric/cgd/gbde-analysis.pdf

Thanks,

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
