Date: Thu, 3 Mar 2005 17:14:46 -0500
From: Thor Lancelot Simon <tls@rek.tjls.com>
To: ALeine <aleine@austrosearch.net>
Cc: hackers@freebsd.org
Subject: Re: FUD about CGD and GBDE
Message-ID: <20050303221446.GA26823@netbsd.org>
In-Reply-To: <200503030155.j231to9f088685@marlena.vvi.at>
References: <200503030155.j231to9f088685@marlena.vvi.at>
On Wed, Mar 02, 2005 at 05:55:50PM -0800, ALeine wrote:
>
> He designed GBDE to always be harder than and never easier
> to break than the cryptographic algorithms it relies on.

Some very well-intentioned (and plenty smart) people at MIT designed the
PCBC cipher mode to always be harder than and never easier to break than
the cryptographic algorithms it relies on.

Don Coppersmith designed the CBCM mode to always be harder than and never
easier to break than the CBC mode of the 3DES algorithm.

Unfortunately, all these well-intentioned and very intelligent people were
wrong. The novel cryptographic modes they designed to always be harder to
break were in fact sometimes -- in fact, in the case of PCBC, pretty much
always -- easier to break than the boring, ordinary, pedestrian
constructions they were meant to replace.

And after all those well-meaning and clever people got burned over the
years, the consensus of the community of experts (as I perceive it, anyway)
gradually became that novel cryptographic constructions should not be used
in implementations until they had been extensively studied over a period of
many years by experts.

Those who do not know the mistakes of the past are doomed to repeat them.

Thor
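The PCBC failure the message refers to, shown as an added worked example (not code from the thread or from any of the projects discussed). PCBC chains both the previous plaintext and the previous ciphertext into each block so that any corruption propagates to every later block, which is what lets a trailing check block detect tampering. The catch is that swapping two adjacent ciphertext blocks garbles only those two blocks; everything after them, the check block included, decrypts correctly. The block cipher below is a small HMAC-SHA256 Feistel network standing in for DES, and the key, IV and "KERBEROS-TRAILER" check block are constructed test values, not anything from the original systems:

```python
import hashlib
import hmac

BLOCK = 16   # block size in bytes
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: HMAC-SHA256 over (round index, half-block), truncated."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher: a 4-round Feistel network (a toy, assumed here in place of DES)."""
    L, R = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        L, R = R, _xor(L, _f(key, rnd, R))
    return L + R


def block_decrypt(key: bytes, block: bytes) -> bytes:
    L, R = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        L, R = _xor(R, _f(key, rnd, L)), L
    return L + R


def _blocks(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "input must be a whole number of blocks"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def pcbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """PCBC: C_j = E(P_j xor P_{j-1} xor C_{j-1}) with P_0 = 0, C_0 = IV."""
    prev_p, prev_c, out = bytes(BLOCK), iv, []
    for p in _blocks(plaintext):
        c = block_encrypt(key, _xor(p, _xor(prev_p, prev_c)))
        out.append(c)
        prev_p, prev_c = p, c
    return b"".join(out)


def pcbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """PCBC: P_j = D(C_j) xor P_{j-1} xor C_{j-1}. Meant to propagate any error to all later blocks."""
    prev_p, prev_c, out = bytes(BLOCK), iv, []
    for c in _blocks(ciphertext):
        p = _xor(block_decrypt(key, c), _xor(prev_p, prev_c))
        out.append(p)
        prev_p, prev_c = p, c
    return b"".join(out)


def swap_adjacent_blocks(ciphertext: bytes, i: int) -> bytes:
    """Attacker's edit: exchange ciphertext blocks i and i+1. Needs no key."""
    blocks = _blocks(ciphertext)
    blocks[i], blocks[i + 1] = blocks[i + 1], blocks[i]
    return b"".join(blocks)


def flip_bit(ciphertext: bytes, i: int) -> bytes:
    """Attacker's edit for contrast: flip one bit inside ciphertext block i."""
    pos = i * BLOCK
    return ciphertext[:pos] + bytes([ciphertext[pos] ^ 0x01]) + ciphertext[pos + 1:]


TRAILER = b"KERBEROS-TRAILER"   # constructed 16-byte constant used as the integrity check block


def _inspect(key: bytes, iv: bytes, tampered: bytes, original: list) -> dict:
    recovered = _blocks(pcbc_decrypt(key, iv, tampered))
    return {
        "changed": [j for j in range(len(original)) if recovered[j] != original[j]],
        "trailer_ok": recovered[-1] == TRAILER,
    }


def demo(key: bytes = b"constructed-test-key-not-secret!",
         iv: bytes = b"constructed-iv..") -> dict:
    """Five data blocks plus the trailer; compare a bit flip against a block swap."""
    data = b"".join(b"block %02d of data" % j for j in range(1, 6))
    pt = data + TRAILER
    ct = pcbc_encrypt(key, iv, pt)
    assert pcbc_decrypt(key, iv, ct) == pt          # round-trip sanity check
    original = _blocks(pt)
    return {
        "flip": _inspect(key, iv, flip_bit(ct, 1), original),            # garbles blocks 1..5, trailer fails
        "swap": _inspect(key, iv, swap_adjacent_blocks(ct, 1), original),  # garbles only blocks 1 and 2, trailer passes
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The bit flip behaves as the mode's designers intended: every block from the corrupted one onward is garbage and the trailer check fails. The swap of blocks 1 and 2 garbles exactly those two blocks and leaves blocks 3 through 5 and the trailer intact, so the receiver accepts a message whose contents have been altered. Plain CBC with a proper MAC would have caught both edits, which is the point of the message: the more elaborate mode delivered less than the pedestrian construction it replaced.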
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050303221446.GA26823>