Re: FUD about CGD and GBDE

From: Poul-Henning Kamp (phk_at_phk.freebsd.dk)
Date: 03/03/05

    To: "Perry E. Metzger" <perry@piermont.com>
    Date: Thu, 03 Mar 2005 22:08:46 +0100


    In message <87ekewjxp4.fsf@snark.piermont.com>, "Perry E. Metzger" writes:

    >> There is a world out here that's called the IT industry.
    >
    >Yes, there is. They routinely deploy bad security because they don't
    >get people who know what they are doing involved. See WEP, for
    >example, or a thousand other things.

    Yes, it would really be desirable for the cryptographers to come
    down from their Mount Olympus more often. Too bad they never
    answer invitations :-(

    >I have no idea what you're talking about,

    Thanks for confirming what I wrote just a second ago above.

    >If you're talking about MD5 which is used in many modern Unixes, it
    >was done by Ron Rivest, and even though he's really good, it has
    >recently been (quite badly) broken.

    Again.

    >> At the time when I wrote GBDE, the best that was offered was CGD (and
    >> similar) and users (not cryptographers!) didn't trust it and history
    >> has so far repeated.
    >
    >I have no idea what you are talking about here.

    And again.

    >> I can add another property of the elite society of cryptographers:
    >> if you are not a card carrying member of their society, the majority
    >> of their members can not even be bothered to reply to an email from
    >> an outsider. This does hamper communication a bit.
    >
    >Actually, you can show up at any crypto conference you like,

    I have a better idea: Why don't we get the cryptographers to
    show up at computer science conferences? That would get the
    gospel out to a far wider crowd without spoiling the highly
    specialized conferences for the cryptographers.

    >> Maybe the problem is that cryptographers, like true computer
    >> scientists, write in nothing less portable than pencil number two?
    >
    >It is rare to see a new algorithm show up from someone like Ron Rivest
    >without some C code also appearing. That's pretty common in the crypto
    >world. When the Chinese team that cracked a bunch of hash algorithms
    >last summer presented their work, they had worked examples of their
    >stuff.

    You seem to misunderstand something: Computer users don't call MD5
    directly. They use software which makes the calls for them. Sometimes
    this software has a goal which is different from calling crypto
    algorithms, in fact some of them even have the impropriety of
    regarding the crypt algorithms as mere tools.

    >I think you don't quite get the point.

    There are many points not being got here.

    >1) No one claims that you need to be a cryptographer to write
    > something like GBDE. What is being claimed is that you should not
    > have invented your own cryptographic modes, and that you might have
    > wanted to ask some professionals about your approach.

    You have not actually studied GBDE yet, right? You don't actually
    know if I invented my own "cryptographic modes" or not, do you?

    >2) CGD *has* been looked at by a bunch of people, and was written to
    > carefully use standard algorithms in a standard way. If you don't
    > like using NetBSD code because NetBSD people have cooties, fine --
    > I don't care, write your own. However, you should at least pay the
    > same attention to conservative use of cryptographic algorithms and
    > having people review your work is a good idea, too.

    Even if I were alone in the world with the sentiment, I would never
    call CGD's use of the same key for all sectors "conservative".

    >3) You've made some very bizarre claims about the security of your
    > system. Some of these claims have already been shown on their face
    > to be incorrect, such as your claimed work factor for breaking your
    > new "improved" crypto modes.

    Sorry, they have only been disproved in a significantly larger universe
    than the one my users inhabit. That doesn't count to me.

    > Instead, he admitted his mistakes and wrote a version 2.

    Any qualified, factually correct critique of GBDE will be taken very
    seriously by me. I am very much looking forward to it. What Roland
    has provided is not it.

    > Are your users better served by you digging in your heels and
    > saying "GDBE is perfect as it is",

    Now, there is one thing I have never said and would never say.

    -- 
    Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
    phk@FreeBSD.ORG         | TCP/IP since RFC 956
    FreeBSD committer       | BSD since 4.3-tahoe
    Never attribute to malice what can adequately be explained by incompetence.
    _______________________________________________
    freebsd-hackers@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
    To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"