Re: FUD about CGD and GBDE

From: Poul-Henning Kamp (phk_at_phk.freebsd.dk)
Date: 03/03/05

  • Next message: ALeine: "Re: FUD about CGD and GBDE"
    To: Todd Vierling <tv@duh.org>
    Date: Thu, 03 Mar 2005 22:45:34 +0100
    
    

    In message <Pine.NEB.4.62.0503031625170.12890@server.duh.org>, Todd Vierling writes:
    >On Thu, 3 Mar 2005, Poul-Henning Kamp wrote:
    >
    >> And if CGD is _so_ officially approved as you say, then I can not
    >> for the life of me understand how it can use the same key to generate
    >> the IV and perform the encryption. At the very least two different
    >> keys should have been used at the "expense" of making the masterkey
    >> 512 bits instead of 256.
    >
    >Technically, two different keys are used. The IV is generated from the
    >block number (although it's pluggable for other IV generation methods,
    >should one be desired; take a look!).

    As I read it, he encrypts the block number using the key to get the IV
    which he then uses with the key to encrypt the data.

    Since the attacker knows the block number the IV generation doesn't
    add strength.

    In fact it exposes any weakness in the algorithm even more, because it
    offers two-way leverage on the algorithm.

    It also adds a very efficient hit-detector for a brute force attack.

    It would have been much better to use a different key to generate the IV.

    And did he salt the block number at all? I don't think so...

    -- 
    Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
    phk@FreeBSD.ORG         | TCP/IP since RFC 956
    FreeBSD committer       | BSD since 4.3-tahoe    
    Never attribute to malice what can adequately be explained by incompetence.
    _______________________________________________
    freebsd-hackers@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
    To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
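The construction under discussion, modelled as an added example that is not part of the thread and not CGD's or GBDE's own code: the IV for a sector is the AES encryption of the 64-bit little-endian sector number (zero-padded to one block), and the sector is then CBC-encrypted. `encryptSameKey` derives the IV under the data key itself, as Poul-Henning reads the design; `encryptSeparateKey` derives it under an independent IV key, as he proposes. The check at the end illustrates his structural point: with one key, the first ciphertext block of an all-zero sector is exactly E_K(E_K(blkno)), a value fixed by the data key and the public sector number alone, whereas with a separate IV key it also depends on the second key. AES-256, 512-byte sectors, the LE-padded block number and the demo keys are all assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const sectorSize = 512

// Constructed demo keys (not real secrets): a 256-bit data key plus an
// independent 256-bit IV key, i.e. the 512-bit master key suggested above.
var (
	demoDataKey = bytes.Repeat([]byte{0x11}, 32)
	demoIVKey   = bytes.Repeat([]byte{0x22}, 32)
)

// ivFromBlockNumber returns E_ivKey(blkno), with blkno written as a 64-bit
// little-endian integer zero-padded to one AES block (an assumed encoding).
func ivFromBlockNumber(ivKey []byte, blkno uint64) ([]byte, error) {
	block, err := aes.NewCipher(ivKey)
	if err != nil {
		return nil, err
	}
	in := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(in, blkno)
	iv := make([]byte, aes.BlockSize)
	block.Encrypt(iv, in)
	return iv, nil
}

// encryptSector CBC-encrypts exactly one sector under dataKey with the given IV.
func encryptSector(dataKey, iv, plain []byte) ([]byte, error) {
	if len(plain) != sectorSize {
		return nil, fmt.Errorf("sector must be %d bytes, got %d", sectorSize, len(plain))
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, sectorSize)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plain)
	return out, nil
}

// encryptSameKey derives the IV under the data key itself.
func encryptSameKey(dataKey []byte, blkno uint64, plain []byte) ([]byte, error) {
	iv, err := ivFromBlockNumber(dataKey, blkno)
	if err != nil {
		return nil, err
	}
	return encryptSector(dataKey, iv, plain)
}

// encryptSeparateKey derives the IV under an independent key.
func encryptSeparateKey(dataKey, ivKey []byte, blkno uint64, plain []byte) ([]byte, error) {
	iv, err := ivFromBlockNumber(ivKey, blkno)
	if err != nil {
		return nil, err
	}
	return encryptSector(dataKey, iv, plain)
}

// doubleEncryptBlkno returns E_K(E_K(blkno)). Under the same-key scheme CBC
// gives C0 = E_K(P0 XOR IV) with IV = E_K(blkno), so for an all-zero P0 this
// is exactly the first ciphertext block.
func doubleEncryptBlkno(key []byte, blkno uint64) ([]byte, error) {
	inner, err := ivFromBlockNumber(key, blkno)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, inner)
	return out, nil
}

// firstBlockFixedByDataKey reports whether the first ciphertext block of an
// all-zero sector equals E_K(E_K(blkno)), i.e. is determined by the data key
// and the public sector number with no second secret involved.
func firstBlockFixedByDataKey(sameKey bool, blkno uint64) (bool, error) {
	zero := make([]byte, sectorSize)
	var ct []byte
	var err error
	if sameKey {
		ct, err = encryptSameKey(demoDataKey, blkno, zero)
	} else {
		ct, err = encryptSeparateKey(demoDataKey, demoIVKey, blkno, zero)
	}
	if err != nil {
		return false, err
	}
	want, err := doubleEncryptBlkno(demoDataKey, blkno)
	if err != nil {
		return false, err
	}
	return bytes.Equal(ct[:aes.BlockSize], want), nil
}

func main() {
	for _, same := range []bool{true, false} {
		fixed, err := firstBlockFixedByDataKey(same, 12345)
		if err != nil {
			panic(err)
		}
		fmt.Printf("IV under data key: %v -> first block fixed by data key + sector number alone: %v\n", same, fixed)
	}
}
```

Running it prints `true` for the same-key variant and `false` for the separate-key variant; in both variants identical plaintext in two different sectors still encrypts to different ciphertext, which is the job the IV is there to do.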
    
