From owner-freebsd-hackers@FreeBSD.ORG Thu Mar 3 22:14:47 2005
Date: Thu, 3 Mar 2005 17:14:46 -0500
From: Thor Lancelot Simon
Reply-To: tls@rek.tjls.com
To: ALeine
cc: tech-security@netbsd.org
cc: hackers@freebsd.org
Subject: Re: FUD about CGD and GBDE
Message-ID: <20050303221446.GA26823@netbsd.org>
In-Reply-To: <200503030155.j231to9f088685@marlena.vvi.at>

On Wed, Mar 02, 2005 at 05:55:50PM -0800, ALeine wrote:
>
> He designed GBDE to always be harder than and never easier
> to break than the cryptographic algorithms it relies on.

Some very well-intentioned (and plenty smart) people at MIT designed the
PCBC cipher mode to always be harder than and never easier to break than
the cryptographic algorithms it relies on.

Don Coppersmith designed the CBCM mode to always be harder than and never
easier to break than the CBC mode of the 3DES algorithm.

Unfortunately, all these well-intentioned and very intelligent people were
wrong. The novel cryptographic modes they designed to always be harder to
break were in fact sometimes -- in fact, in the case of PCBC, pretty much
always -- easier to break than the boring, ordinary, pedestrian
constructions they were meant to replace.

And after all those well-meaning and clever people got burned over the
years, the consensus of the community of experts (as I perceive it, anyway)
gradually became that novel cryptographic constructions should not be used
in implementations until they had been extensively studied over a period
of many years by experts.

Those who do not know the mistakes of the past are doomed to repeat them.

Thor
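An added illustration of the PCBC point above (not part of the original thread). PCBC was meant to make any ciphertext damage propagate into every later plaintext block, so that a trailing checksum would catch tampering; the well-known counterexample is that exchanging two adjacent ciphertext blocks garbles only those two and leaves every later block intact, for any underlying block cipher. The 16-byte block cipher here is a constructed stand-in (a 4-round HMAC-keyed Feistel network, not a real cipher) so the script runs offline with the standard library only.

```python
import hmac, hashlib

BLOCK = 16

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed toy block cipher (NOT for real use): the mode property shown
# below does not depend on the primitive, only on how PCBC chains blocks.
def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

# PCBC: C_i = E(P_i ^ P_{i-1} ^ C_{i-1}), with P_0 ^ C_0 taken to be the IV.
def pcbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    assert len(pt) % BLOCK == 0, "no padding in this demo"
    out, chain = [], iv
    for i in range(0, len(pt), BLOCK):
        p = pt[i:i + BLOCK]
        c = block_encrypt(key, _xor(p, chain))
        out.append(c)
        chain = _xor(p, c)
    return b"".join(out)

def pcbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, chain = [], iv
    for i in range(0, len(ct), BLOCK):
        c = ct[i:i + BLOCK]
        p = _xor(block_decrypt(key, c), chain)
        out.append(p)
        chain = _xor(p, c)
    return b"".join(out)

def swap_blocks(ct: bytes, i: int) -> bytes:
    """Exchange ciphertext blocks i and i+1; needs no key."""
    a, b = ct[i * BLOCK:(i + 1) * BLOCK], ct[(i + 1) * BLOCK:(i + 2) * BLOCK]
    return ct[:i * BLOCK] + b + a + ct[(i + 2) * BLOCK:]

def demo() -> dict:
    key, iv = b"k" * 16, b"i" * 16                       # constructed values
    pt = b"".join(bytes([65 + n]) * BLOCK for n in range(4))  # AAA.. BBB.. CCC.. DDD..
    ct = pcbc_encrypt(key, iv, pt)
    tampered = pcbc_decrypt(key, iv, swap_blocks(ct, 1))
    return {"roundtrip": pcbc_decrypt(key, iv, ct) == pt,
            "swapped_blocks_garbled": tampered[BLOCK:3 * BLOCK] != pt[BLOCK:3 * BLOCK],
            "later_block_intact": tampered[3 * BLOCK:] == pt[3 * BLOCK:]}
```

A trailing checksum computed over the plaintext's last block would therefore not notice the swap, which is exactly the kind of property a new mode gets credited with before anyone has looked hard enough.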