From owner-freebsd-hackers@FreeBSD.ORG  Fri Mar  4 00:18:11 2005
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E5AAD16A4CE
	for <hackers@freebsd.org>; Fri,  4 Mar 2005 00:18:11 +0000 (GMT)
Received: from snark.piermont.com (snark.piermont.com [166.84.151.72])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 81E4743D4C
	for <hackers@freebsd.org>; Fri,  4 Mar 2005 00:18:11 +0000 (GMT)
	(envelope-from perry@piermont.com)
Received: by snark.piermont.com (Postfix, from userid 1000)
	id DD6C2D988C; Thu,  3 Mar 2005 19:18:10 -0500 (EST)
To: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
References: <9418.1109872131@critter.freebsd.dk>
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 03 Mar 2005 19:18:10 -0500
In-Reply-To: <9418.1109872131@critter.freebsd.dk> (Poul-Henning Kamp's
 message of "Thu, 03 Mar 2005 18:48:51 +0100")
Message-ID: <87ll94gt6l.fsf@snark.piermont.com>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailman-Approved-At: Fri, 04 Mar 2005 16:36:07 +0000
cc: tech-security@NetBSD.org
cc: hackers@freebsd.org
Subject: Re: FUD about CGD and GBDE
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Mar 2005 00:18:12 -0000


"Poul-Henning Kamp" <phk@phk.freebsd.dk> writes:
> If the component (well respected etc etc) algorithms I have used
> in GBDE contains flaws so that they become individually less
> intrinsicly safe because their input is the output of another such
> algorithm, then the crypto-world has problems they need to work on.

The crypto world is a world of very brittle materials developed by
humans with finite capacities. We do our best, but we make
mistakes.

Combining algorithms in such a way that the result is unexpectedly
weak has been seen on several occasions.

The reason cryptographers are very cautious is because they have been
burned repeatedly.

> Despite my best efforts to get people interested in reviewing GBDE,
> it doesn't seem to have succeeded in getting any attention until
> now, and I am very much looking forward to the competent review
> and input this will generate.

If you wish to hear my suggestions on how to get review, feel free to
contact me offline.


Perry