Date: Thu, 3 Mar 2005 16:01:13 -0500
From: Thor Lancelot Simon <tls@rek.tjls.com>
To: tech-security@netbsd.org, hackers@freebsd.org, cryptography@metzdowd.com
Subject: Re: FUD about CGD and GBDE
Message-ID: <20050303210113.GA19398@panix.com>
In-Reply-To: <10848.1109882513@critter.freebsd.dk>
References: <20050303200005.GA21499@panix.com> <10848.1109882513@critter.freebsd.dk>
On Thu, Mar 03, 2005 at 09:41:53PM +0100, Poul-Henning Kamp wrote:
> In message <20050303200005.GA21499@panix.com>, Thor Lancelot Simon writes:
> >On Thu, Mar 03, 2005 at 08:25:18PM +0100, Poul-Henning Kamp wrote:
>
> >To quote David Hume, "Never an ought from an is."
>
> I'm Danish by birth so English is only my second language, so I
> apologize for mangling it.

To be clear, the question is hardly one of linguistics. Perhaps if I call the reasoning mistake in question "the naturalistic fallacy" it will be more familiar to you than if I just use the common paraphrase from Hume?

What I am trying to get across is that you argued from what some (poorly-specified) group of people _do_ believe (that "cgd", though it had existed for precisely two days when you checked GBDE into the FreeBSD source tree, so this seems unlikely in the extreme, was not secure) to what everyone _should_ believe (that in fact it is not secure). That's not a kind of reasoning I find very persuasive.

> But in difference from everybody else (it seems) I also asked users
> and administrators what they needed and wanted from a cryptographic
> disk facility.

Unfortunately, you seem to assume that "users and administrators" were, in general, capable of correctly turning their abstract goals about avoiding risk into concrete principles of cryptosystem design. I would submit, in fact, that this is precisely the expertise that you do not acknowledge exists.

> And then I tried very hard to engage somebody with the right
> union-card to do a review for me, and despite the fact that funding
> was available under the DARPA contract nobody would bite.

That surprises me, since I didn't see any such attempt at engagement in any of the usual places where such experts communicate (I will leave your "crypto-clergy" and "union-card" rhetoric aside). Did you solicit review on the cryptography mailing list? On sci.crypt? At conferences or in journals?

You say that experts told you that they were concerned about the amount of data being encrypted with a single key in prior-art cryptosystems. Did it occur to you that, at the time, almost all such cryptosystems used algorithms with a 64 bit block size, and that that precise concern motivated the increase in block size in newer ciphers, including AES?

Thor
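The closing point of the message, that how much data one key can safely cover depends on the cipher's block size, can be made concrete. The Python below is an added illustration, not code from the archived thread nor from cgd or GBDE: it computes the birthday bound for 64-bit and 128-bit blocks, and runs a CBC encryption under a constructed toy cipher (a random permutation over 16-bit blocks, small enough to tabulate) to show what a repeated ciphertext block reveals once that bound is crossed.

```python
import math
import random

def blocks_before_collision(block_bits: int, probability: float) -> int:
    """Blocks that can be encrypted under one key before two ciphertext
    blocks coincide with the given probability (birthday approximation:
    p ~ n^2 / 2^(b+1), so n ~ sqrt(2 * p * 2^b))."""
    return int(math.sqrt(2.0 * probability * (2 ** block_bits)))

def bytes_before_collision(block_bits: int, probability: float = 0.5) -> int:
    """Same bound in bytes of plaintext; compare a 64-bit block (DES-era
    designs) with the 128-bit block of AES."""
    return blocks_before_collision(block_bits, probability) * (block_bits // 8)

def toy_block_cipher(block_bits: int, seed: int):
    """Constructed stand-in for a keyed block cipher: a random permutation
    of all b-bit values (only feasible for toy block sizes)."""
    table = list(range(1 << block_bits))
    random.Random(seed).shuffle(table)
    return table.__getitem__

def cbc_collision_demo(block_bits: int = 16, seed: int = 1):
    """CBC-encrypt random plaintext blocks under one key until a ciphertext
    block repeats, then check what the repeat reveals without the key.
    Returns (index of the colliding block, whether the leak check held)."""
    enc = toy_block_cipher(block_bits, seed)
    rng = random.Random(seed + 1)
    plain = []                              # plain[k-1] is P_k
    cipher = [rng.getrandbits(block_bits)]  # cipher[0] is the IV, cipher[k] is C_k
    seen = {}                               # ciphertext block -> index k
    for i in range(1, (1 << block_bits) + 1):
        p = rng.getrandbits(block_bits)
        c = enc(p ^ cipher[-1])             # C_i = E(P_i xor C_{i-1})
        plain.append(p)
        cipher.append(c)
        if c in seen:
            j = seen[c]
            # C_i == C_j means E(P_i ^ C_{i-1}) == E(P_j ^ C_{j-1}); E is a
            # permutation, so P_i ^ P_j == C_{i-1} ^ C_{j-1}: the XOR of two
            # plaintext blocks is exposed from ciphertext alone.
            leaked = cipher[i - 1] ^ cipher[j - 1]
            return i, leaked == (plain[i - 1] ^ plain[j - 1])
        seen[c] = i
    return None, False

if __name__ == "__main__":
    for bits in (64, 128):
        print(f"{bits}-bit blocks: ~{bytes_before_collision(bits):.3e} bytes per key at p=1/2")
    print("toy CBC collision at block %s, leak verified: %s" % cbc_collision_demo())
```

With a 64-bit block the p=1/2 bound is 2^32 blocks, 32 GiB, which a disk encryption facility reaches trivially; the 128-bit block of AES pushes it to 2^64 blocks.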