In message <[EMAIL PROTECTED]>, Thor Lancelot Simon writes: >No, it would not. What it _would_ take would be an abandonment of the >adamant position that your home-grown cryptosystem is superior to >simply encrypting the disk with 256-bit AES.
Where I come from "home-grown" is not derogative. All cryptosystems are by necessity home-grown for somebody somewhere. If you are _convinced_ that there will be no attacks which can exploit the ample data CGD offers for two-way leverage on the crypto algorithm during the relevant lifetime of your data, then stick with CGD and be happy. If like me that makes you quite uneasy, look for something which mitigates that issue, like for instance GBDE. If neither suits you, design your own. >Generally, complexity is not considered a desirable property in >cryptosystems. GBDE violates this rule in spades. There are _reasons_ >why complexity is not good: to begin with, a very complex cryptographic >construct will require detailed analysis (which it does not appear >GBDE has had by anyone but its author until Roland started looking at >it) in order that we may know that it is even as secure as the underlying >algorithmic building blocks it uses. Both Lucky Green and David Wagner has nodded vertical on GBDE. >[crypto sermon] I fully agree with you about the philosophical points, but not on the implications. I can not convince myself that encrypting a 40 GB disk sector by sector using the same key, even if it is 256 bits, is a safe design. You seem to belive otherwise. And that's where it ends. Have a good life. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 [EMAIL PROTECTED] | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
