comments wanted on gbde

Ivan Krstic krstic at fas.harvard.edu
Sat Mar 5 13:24:55 EST 2005


Steven M. Bellovin wrote:
> With 
> the author's consent, I'm soliciting opinions from this group about it:
> 
> http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf

I just gave the paper a quick read and am hoping this is not meant for 
production use. The key problems to me appear to be that:

- the paper claims added security through the added complexity, when 
that's almost always untrue
- standard algorithms are used for things they weren't meant to be used for
- the numbers for the amount of work to break this seem suspect 
(although, again, I only gave them a quick read)

Did PHK even solicit proper reviews before implementation? This looks 
like another case of a programmer - in this case, a really smart 
programmer - who decides to roll his own cryptosystem with no input from 
the crypto community. Terrible Idea. He would have likely been better 
off using, say, straight AES256 for the whole disk, without any of his 
own bells and whistles.

Cheers,
Ivan.

---------------------------------------------------------------------
The Cryptography Mailing List