Date: Fri, 04 Mar 2005 11:49:42 -0500 From: Steve Tremblett <sjt@cisco.com> To: freebsd-hackers@freebsd.org Cc: ticso@cicely.de Subject: Re: FUD about CGD and GBDE Message-ID: <1109954982.627.22.camel@localhost> In-Reply-To: <87y8d4ih9b.fsf@snark.piermont.com> References: <10983.1109882590@critter.freebsd.dk> <87y8d4ih9b.fsf@snark.piermont.com>
next in thread | previous in thread | raw e-mail | index | archive | help
would people mind not bcc'ing freebsd-hackers? I've been deleting this thread from my inbox for a couple of days because it's not filtered into my bsd folders :) On Thu, 2005-03-03 at 15:52 -0500, Perry E. Metzger wrote: > "Poul-Henning Kamp" <phk@phk.freebsd.dk> writes: > > In message <Pine.NEB.4.62.0503031436160.12890@server.duh.org>, Todd Vierling writes: > >>On Thu, 3 Mar 2005, Poul-Henning Kamp wrote: > >> > >>> At the time where I wrote GBDE, the best that was offered was CGD (and > >>> similar) and users (not cryptographers!) didn't trust it > >> > >>Could you back up this claim, insofar that "users" did not trust cgd? I > >>haven't seen any distrust of cgd -- in fact, I've seen quite a bit of > >>welcome acceptace of cgd by both users *and* cryptographers. > > > > Some of the people I talked to were very unhappy about the same key > > being used for all sectors on the disk. > > Now, was that in the first day after cgd was committed or the second? > As I recall, you committed GBDE 48 hours after CGD was committed in > NetBSD. I'd be curious to hear about how much you changed your design > in that period in response to feedback on cgd. (Please correct me if > I'm wrong about the time gap.) > > However: > > > Some of the people I talked to were very unhappy about the same key > > being used for all sectors on the disk. Even a small weakness in > > the cipher becomes a big hole because of the amount of data this > > offers for analysis. > > I think we've already established that this fear, though > understandable, is not a reasonable one under the circumstances. See > several postings already made. You are better off just using AES with > a longer key than the GBDE mechanism. > > Perry > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1109954982.627.22.camel>