Date: Wed, 2 Mar 2005 17:55:50 -0800 (PST)
From: "ALeine" <aleine@austrosearch.net>
To: perry@piermont.com
Cc: ticso@cicely.de
Subject: Re: FUD about CGD and GBDE
Message-ID: <200503030155.j231to9f088685@marlena.vvi.at>
perry@piermont.com wrote:

> > You are mistaking people who design cryptographic algorithms
> > and those who design cryptographic systems which integrate those
> > algorithms into functional systems.
>
> No, I am not. PHK invented new cryptographic modes for his work.
> The fact that he does not understand this is part of the problem.

He designed GBDE to always be harder than and never easier to break than the cryptographic algorithms it relies on. Not only that, but it does not rely exclusively on any single cryptographic algorithm and it does not reuse keys, both of which CGD is guilty of.

> > Would you care to explain what qualifies Roland as a more
> > competent cryptographic system designer than PHK?
>
> Roland didn't try to do anything that wasn't already heavily
> understood in the literature. He invented no cryptographic modes.
> He used only algorithms that have been pre-vetted. He also asked a
> bunch of people who know better than he does to check his work.
>
> Thus, you don't have to trust Roland at all. He didn't invent any
> new way of using any of the algorithms. You have to trust only the
> designers of the block cipher you choose to use (I'd suggest AES)
> and the password algorithm you choose to use (though the PKCS stuff
> is very good already). In order to permit even greater defense
> against key cracking, he put in a very standard and straightforward
> mechanism to permit N factor authentication.

MD5 was believed to be heavily understood in the literature. It was well established. Look at what happened to it. The fact that Roland did not invent any new ways of using algorithms does not mean that CGD is more secure. In fact, IMHO it is less secure because it uses the same key for the entire disk and because it reuses the same key for IV generation and encryption. You have to trust Roland to integrate the well known and understood algorithms in a correct way; trusting the algorithms alone is not enough.
In that regard, I would rather trust PHK's proven and very well established track record as a programmer than Roland's. To be honest, the first time I heard of Roland was when I found out about CGD; I have not seen his name mentioned in any other reference before. On the other hand, I have known about PHK being an excellent programmer for at least a decade now.

> > There is a reason everything happens so slowly in the academic
> > circles. Everyone is trying to cover their asses and trying so
> > hard not to be wrong that they analyze everything ad nauseam.
>
> No. You Do Not Understand.

I am speaking from personal experience and I know very well what the academic circles are like, at least in Europe.

> Are you as good a cryptographer as Ron Rivest? I certainly am
> not. Somehow, however, MD5 has been crushed anyway. This is not
> unusual. Cryptographic algorithms are not like sorting algorithms
> or graph traversal algorithms. When you're doing 3DES, it is not
> obvious that doing the CBC on the outside instead of between the
> rounds is critical to good security -- indeed it wasn't obvious
> even to trained cryptographers.

I am not designing cryptographic algorithms; what PHK did with GBDE cannot be compared to inventing MD5. Snap out of it, you are starting to sound like a broken record.

> If you aren't as good as Ron Rivest, then why are you expecting
> to design a new cryptographic mode on your first try without any
> issues arising?

It is your unfounded assumption that one has to get it perfectly right on the first try, not mine or PHK's, AFAIK. Again, we are not discussing the invention of the successor to SHA.

> WEP is even weaker than its design. That is because its designers
> did not know what they were doing.

I assure you PHK knows very well what he is doing and I think you should not mention his name in the same breath as the names of the designers of WEP.

> Inventing new cryptographic modes is dangerous.
Living is dangerous: today you are here, tomorrow you might get hit by a bus. But that does not mean you will stay inside your house where you are safe (at least from buses) forever, does it?

> Anyone can get a paper published at Crypto or Eurocrypt. You need
> no PhD or other credentials. All you have to do is have something
> interesting to say. People who are "outsiders" get stuff
> published.

Your claim is baseless. Getting a paper published does not mean much. Do you know how many papers get published at various conferences in Europe and nobody ever even reads them, let alone implements any of the ideas in a production environment?

> In general, geeks are meritocratic. Crypto people are not unlike
> other geeks. If you find that crypto people laugh at you, it is
> probably not because you don't know the right people, but because
> you put your foot in your mouth and swallowed hard.

In general, all generalizations are wrong, including this one.

ALeine