With the author's consent, I'm soliciting opinions from this group about it:
http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
I just gave the paper a quick read and am hoping this is not meant for production use. The key problems to me appear to be that:
- the paper claims added security through the added complexity, when that's almost always untrue
- standard algorithms are used for things they weren't meant to be used for
- the numbers for the amount of work to break this seem suspect (although, again, I only gave them a quick read)
Did PHK even solicit proper reviews before implementation? This looks like another case of a programmer - in this case, a really smart programmer - who decides to roll his own cryptosystem with no input from the crypto community. Terrible Idea. He would have likely been better off using, say, straight AES256 for the whole disk, without any of his own bells and whistles.
Cheers, Ivan.
