From owner-freebsd-hackers@FreeBSD.ORG Thu Mar 3 17:31:10 2005
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B10F016A4CE
	for ; Thu, 3 Mar 2005 17:31:10 +0000 (GMT)
Received: from saturn.criticalmagic.com (saturn.criticalmagic.com [64.74.124.105])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 58BEB43D31
	for ; Thu, 3 Mar 2005 17:31:10 +0000 (GMT)
	(envelope-from rcoleman@criticalmagic.com)
Received: from [10.40.30.110] (delta.ciphertrust.com [216.235.158.34])
	by saturn.criticalmagic.com (Postfix) with ESMTP id 9CE393BD10;
	Thu, 3 Mar 2005 12:31:09 -0500 (EST)
Message-ID: <42274A0C.5010403@criticalmagic.com>
Date: Thu, 03 Mar 2005 12:31:56 -0500
From: Richard Coleman
Organization: Critical Magic
User-Agent: Mozilla Thunderbird 1.0 (X11/20041230)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Poul-Henning Kamp
References: <8837.1109868465@critter.freebsd.dk>
In-Reply-To: <8837.1109868465@critter.freebsd.dk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
cc: tech-security@NetBSD.org
cc: elric@imrryr.org
cc: hackers@freebsd.org
cc: tls@rek.tjls.com
cc: crypto@metzdowd.com
Subject: Re: FUD about CGD and GBDE
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
X-List-Received-Date: Thu, 03 Mar 2005 17:31:10 -0000

Poul-Henning Kamp wrote:
> I fully agree with you about the philosophical points, but not on
> the implications.
>
> I can not convince myself that encrypting a 40 GB disk sector by
> sector using the same key, even if it is 256 bits, is a safe design.
>
> You seem to believe otherwise.
>
> And that's where it ends.
>
> Have a good life.

I don't want to get in the middle of the GBDE/CGD debate, but my
understanding is that the amount of material you can encrypt with a
single key is dependent on the block size and (possibly the) cipher
mode, not the key size.

For instance, the NIST specification for AES and CCM mode (NIST Special
Publication 800-38C) specifically states that you must limit the number
of invocations of the block cipher (specifically AES) to 2^61.

Now, I realize that is an upper bound. But even after removing several
orders of magnitude, that leaves a huge amount of material you can
encrypt with a single key.

Just throwing out a data point.

Richard Coleman
rcoleman@criticalmagic.com
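
An added worked example, not part of the original message: it puts numbers on the point that per-key data limits follow from block size rather than key size, using the 40 GB disk and the 2^61 invocation limit mentioned in the thread. It assumes the generic birthday approximation for ciphertext-block collisions as the yardstick (the message does not name one), decimal gigabytes, and an illustrative risk threshold of 1e-9; the function names are hypothetical.

```python
import math

DISK_BYTES = 40 * 10**9       # 40 GB disk from the quoted message (decimal GB assumed)
CCM_MAX_INVOCATIONS = 2**61   # block-cipher invocation limit cited from SP 800-38C


def collision_probability(data_bytes, block_bits):
    """Birthday approximation: p ~= 1 - exp(-n(n-1) / 2^(b+1)) for n blocks of b bits.

    Note that the key size does not appear anywhere in the formula.
    """
    n = data_bytes // (block_bits // 8)
    return -math.expm1(-(n * (n - 1)) / 2 ** (block_bits + 1))


def max_bytes_for_risk(block_bits, max_p):
    """Largest volume (bytes) under one key keeping collision probability <= max_p."""
    # Invert the approximation: n^2 ~= -2^(b+1) * ln(1 - p)
    n_squared = -(2 ** (block_bits + 1)) * math.log1p(-max_p)
    return math.isqrt(int(n_squared)) * (block_bits // 8)


def ccm_cap_bytes(block_bits=128):
    """Bytes processed by 2^61 block-cipher invocations (an upper bound on data,
    since CCM spends invocations on both the MAC and the counter stream)."""
    return CCM_MAX_INVOCATIONS * (block_bits // 8)


def report():
    """Collision risk on the 40 GB disk and the 1e-9 volume limit per block size."""
    rows = []
    for name, bits in (("64-bit block", 64), ("128-bit block (AES)", 128)):
        rows.append((name,
                     collision_probability(DISK_BYTES, bits),
                     max_bytes_for_risk(bits, 1e-9)))
    return rows


if __name__ == "__main__":
    for name, p, cap in report():
        print(f"{name}: p(collision on 40 GB) = {p:.3g}, "
              f"volume for p <= 1e-9 = {cap:.3g} bytes")
    print(f"2^61 AES invocations process at most {ccm_cap_bytes():.3g} bytes")
```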