From owner-freebsd-hackers@FreeBSD.ORG  Fri Mar  4 06:17:39 2005
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AC4EB16A4CF
	for <hackers@freebsd.org>; Fri,  4 Mar 2005 06:17:39 +0000 (GMT)
Received: from critter.freebsd.dk (f170.freebsd.dk [212.242.86.170])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CFD2C43D49
	for <hackers@freebsd.org>; Fri,  4 Mar 2005 06:17:38 +0000 (GMT)
	(envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.13.1/8.13.1) with ESMTP id j246HSv4014393;
	Fri, 4 Mar 2005 07:17:29 +0100 (CET)
	(envelope-from phk@critter.freebsd.dk)
To: "Perry E. Metzger" <perry@piermont.com>
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
In-Reply-To: Your message of "Thu, 03 Mar 2005 19:49:03 EST."
             <877jkogrr4.fsf@snark.piermont.com> 
Date: Fri, 04 Mar 2005 07:17:28 +0100
Message-ID: <14392.1109917048@critter.freebsd.dk>
Sender: phk@critter.freebsd.dk
cc: ALeine <aleine@austrosearch.net>
cc: tech-security@NetBSD.org
cc: elric@imrryr.org
cc: hackers@freebsd.org
cc: ticso@cicely.de
Subject: Re: FUD about CGD and GBDE 
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Mar 2005 06:17:39 -0000

In message <877jkogrr4.fsf@snark.piermont.com>, "Perry E. Metzger" writes:

>I also very strongly suggest that the biggest real threat you face
>isn't someone cracking AES but key management issues. CGD is in some
>sense largely a framework for letting you do all sorts of neat things
>with key management in a disk encryption context. You may want to add
>similar features -- the most practical attack against your system as
>it stands is a dictionary attack.

This is where it would have been nice that you didn't jump into
the middle of a discussion without reading the basic material.

See my paper please.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.