From owner-freebsd-hackers@FreeBSD.ORG Thu Mar 3 21:01:15 2005
Date: Thu, 3 Mar 2005 16:01:13 -0500
From: Thor Lancelot Simon
To: tech-security@netbsd.org, hackers@freebsd.org, cryptography@metzdowd.com
Subject: Re: FUD about CGD and GBDE
Message-ID: <20050303210113.GA19398@panix.com>
References: <20050303200005.GA21499@panix.com> <10848.1109882513@critter.freebsd.dk>
In-Reply-To: <10848.1109882513@critter.freebsd.dk>
Reply-To: tls@rek.tjls.com

On Thu, Mar 03, 2005 at 09:41:53PM +0100, Poul-Henning Kamp wrote:
> In message <20050303200005.GA21499@panix.com>, Thor Lancelot Simon writes:
> >On Thu, Mar 03, 2005 at 08:25:18PM +0100, Poul-Henning Kamp wrote:
>
> >To quote David Hume, "Never an ought from an is."
>
> I'm Danish by birth so English is only my second language, so I
> apologize for mangling it.
To be clear, the question is hardly one of linguistics. Perhaps if I call the reasoning mistake in question "the naturalistic fallacy" it will be more familiar to you than if I just use the common paraphrase from Hume?

What I am trying to get across is that you argued from what some (poorly-specified) group of people _do_ believe (that "cgd", though it had existed for precisely two days when you checked GBDE into the FreeBSD source tree, so this seems unlikely in the extreme, was not secure) to what everyone _should_ believe (that in fact it is not secure). That's not a kind of reasoning I find very persuasive.

> But in difference from everybody else (it seems) I also asked users
> and administrators what they needed and wanted from a cryptographic
> disk facility.

Unfortunately, you seem to assume that "users and administrators" were, in general, capable of correctly turning their abstract goals about avoiding risk into concrete principles of cryptosystem design. I would submit, in fact, that this is precisely the expertise that you do not acknowledge exists.

> And then I tried very hard to engage somebody with the right
> union-card to do a review for me, and despite the fact that funding
> was available under the DARPA contract nobody would bite.

That surprises me, since I didn't see any such attempt at engagement in any of the usual places where such experts communicate (I will leave your "crypto-clergy" and "union-card" rhetoric aside). Did you solicit review on the cryptography mailing list? On sci.crypt? At conferences or in journals?

You say that experts told you that they were concerned about the amount of data being encrypted with a single key in prior-art cryptosystems. Did it occur to you that, at the time, almost all such cryptosystems used algorithms with a 64-bit block size, and that that precise concern motivated the increase in block size in newer ciphers, including AES?

Thor
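The closing point about block size and the amount of data encrypted under one key rests on the birthday bound: once roughly 2^(n/2) blocks of an n-bit block cipher have been produced under a single key, ciphertext-block collisions become likely, and in a chaining mode such as CBC each collision reveals the XOR of two plaintext blocks. The following is an added worked calculation, not code from this thread or from either cgd or GBDE; the function names are hypothetical, and it assumes CBC-style collision leakage when comparing a 64-bit block size with the 128-bit block size of AES.

```python
import math


def cbc_collision_probability(num_blocks: int, block_bits: int) -> float:
    """Birthday-bound approximation of the probability that at least two of
    num_blocks ciphertext blocks (each block_bits wide) are identical when
    encrypted under one key.  In CBC mode such a collision leaks the XOR of
    the corresponding plaintext blocks."""
    pairs = num_blocks * (num_blocks - 1)
    return 1.0 - math.exp(-pairs / (2.0 ** (block_bits + 1)))


def blocks_for_probability(target_p: float, block_bits: int) -> int:
    """Invert the approximation: how many blocks may be encrypted under one
    key before the collision probability reaches target_p."""
    # ln(1/(1-p)) computed as -log1p(-p) so tiny targets stay accurate.
    return math.ceil(math.sqrt(2.0 * (2.0 ** block_bits) * -math.log1p(-target_p)))


def bytes_per_key(target_p: float, block_bits: int) -> int:
    """Same limit expressed as plaintext bytes per key."""
    return blocks_for_probability(target_p, block_bits) * (block_bits // 8)


def human_readable(num_bytes: int) -> str:
    """Format a byte count with binary prefixes for the summary below."""
    units = ["B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB"]
    value = float(num_bytes)
    for unit in units:
        if value < 1024 or unit == units[-1]:
            return f"{value:.1f} {unit}"
        value /= 1024
    return f"{value:.1f} {units[-1]}"


def compare_block_sizes(target_p: float) -> dict:
    """Per-key data limit at the same collision-probability threshold for a
    64-bit block cipher (the prior-art ciphers referred to in the thread)
    versus the 128-bit block of AES."""
    return {bits: bytes_per_key(target_p, bits) for bits in (64, 128)}


if __name__ == "__main__":
    # Worked values: 2^32 blocks of a 64-bit cipher (32 GiB of data)
    # already give a ~39% chance of at least one collision.
    print(f"p(2^32 blocks, 64-bit) = {cbc_collision_probability(2 ** 32, 64):.3f}")
    for threshold in (0.5, 2.0 ** -32):
        limits = compare_block_sizes(threshold)
        print(f"collision probability {threshold:.3g}:")
        for bits, limit in limits.items():
            print(f"  {bits:>3}-bit block: {human_readable(limit)} per key")
```

Run as a script it shows the asymmetry the message alludes to: at a conservative threshold of 2^-32 a 64-bit block cipher may only encrypt on the order of 700 KiB under one key, while the 128-bit block of AES allows on the order of tens of terabytes at the same threshold; a disk-encryption design that keys a whole volume once therefore faces a real per-key data limit with the older ciphers and a comfortable one with AES.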