Date: Fri, 04 Mar 2005 09:02:55 -0500
From: "Perry E. Metzger" <perry@piermont.com>
To: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
Cc: ticso@cicely.de
Subject: Re: FUD about CGD and GBDE
Message-ID: <877jknik4w.fsf@snark.piermont.com>
In-Reply-To: <14890.1109921971@critter.freebsd.dk> (Poul-Henning Kamp's message of "Fri, 04 Mar 2005 08:39:31 +0100")
References: <14890.1109921971@critter.freebsd.dk>
"Poul-Henning Kamp" <phk@phk.freebsd.dk> writes: > In message <87bra0grwe.fsf@snark.piermont.com>, "Perry E. Metzger" writes: >>My strong suggestion for you is that you adopt a similar approach -- >>build a good framework that, given good algorithms, will provide >>security, and make it easy for users to change over if an algorithm >>falls. > > If you actually look at GBDE, you will see that any and all of the > algorithms can be changed. They are used only in their most basic > capability. This was part of the design from the start: not to > rely on any single-source algorithm. I understand that, but the point is to make it user friendly. CGD lets you pick a number of crypto systems right now in its configuration. You can pick multiple key lengths, methods of deriving the key, etc. I've read through things like the GBDE command man page, how-tos, etc., and I found nothing that allows you to do stuff like change cipher with GBDE. I also don't find support for things like multi-factor authentication. All that could be added, of course, and I encourage you to do it -- but my point is that it isn't there now and you should look at doing it. If I can pick any one of several ciphers and key lengths already or specify things like multi-factor authentication, my apologies. In any case, please understand that my goal is not to tell your users that FreeBSD is garbage or anything like that. My goal is to get you to improve what you have done. If you want to tell me I'm an idiot or what have you, feel free, but I don't think that will serve your users particularly well. >>Well, so is stock AES 256. I don't see why I should assume your >>construction is any better. What do you know that the NIST/NSA review >>of AES did not know? > > That neither the authors of Rinjdael, its reviewers, nor NIST are > willing to offer a 25 year warranty on it. No one rational will give a warranty on *any* encryption system for *any* length of time. 
The best I can say, however, is that the US government has approved the use of AES with 256 bit keys for very highly secure communications, and they have a very demanding user community. Assuming that you can brute force a bit or two more key per year, and assuming that better cryptanalytic techniques doubled that somehow, you would still have many many years before 256 bit AES became a real issue. Anyone rational attacking you will look at other flaws in your system first. -- Perry E. Metzger perry@piermont.com