Date: Wed, 2 Mar 2005 18:43:40 -0800 (PST)
Message-Id: <200503030243.j232hegV089625@marlena.vvi.at>
To: tls@rek.tjls.com
From: "ALeine"
cc: tech-security@netbsd.org
cc: phk@phk.freebsd.dk
cc: hackers@freebsd.org
cc: elric@imrryr.org
cc: ticso@cicely.de
Subject: Re: FUD about CGD and GBDE
List-Id: Technical Discussions relating to FreeBSD

tls@rek.tjls.com wrote:

> Unfortunately, all these well-intentioned and very intelligent
> people were wrong. The novel cryptographic modes they designed
> to always be harder to break were in fact sometimes -- in fact,
> in the case of PCBC, pretty much always -- easier to break than
> the boring, ordinary, pedestrian constructions they were meant
> to replace.
>
> And after all those well meaning and clever people got burned
> over the years, the consensus of the community of experts (as
> I perceive it, anyway) gradually became that novel cryptographic
> constructions should not be used in implementations until they
> had been extensively studied over a period of many years by
> experts.

At any time half of all the people are wrong about something, it's only a matter of time when your time will come to be in the wrong half or rather the right half to be wrong. That stops neither half from going forward and doing what they feel is right.

Just because there is a tendency for new cryptographic systems to be broken does not mean this applies to GBDE, otherwise anything new would be considered wrong and we might as well stop even trying to innovate. Give GBDE a chance. GBDE is not replacing anything because there was nothing like it to replace in the first place.

Also, there is a catch 22 situation with studying things without using them. The longer you study something without using it the less likely it is to make it into production, the world is not waiting for anyone. GBDE is here, you can analyze the design and the code, when you do a formal analysis let us know, shouting "It's new, it must be bad!" is not an argument.

> Those who do not know the mistakes of the past are doomed to
> repeat them.

Those who are afraid of making mistakes are sentenced to regretting that mistake and living in the past.

ALeine