--- Ted Unangst <[EMAIL PROTECTED]> wrote: > On 1/3/06, knitti <[EMAIL PROTECTED]> wrote: > > cgd gives users some choice over how to build their encrypted partition. > > you're able to use different ciphers. > > in the unlikely case of a cipher getting broken, you have the possibility > to > > switch instantly, using a tool you know with stable code an the same way > > you configured it. > > this is really not that useful. why would you pick anything other > than "the best" when setting it up? and after it's setup, you can't > change. the idea that once a cipher is broken you could migrate is > nice, but think about it. are you equipping all your servers with > double storage so that you can copy and reencrypt everything? i doubt > anyone has thougt more than 10 seconds about what the migration > procedure would really be. anyway, it's not that hard to switch > ciphers in svnd. how critical is your timeframe? can you wait 24 > hours to upgrade? do you have a beeper set to wake you up everytime > somebody posts to sci.crypt? >
Not to mention that even in the case blowfish is broken at some point, it is unlikely that the attack reduces complexity of a decryption to a timeframe that would allow someone to decrypt data ciphered with a strong key in svnd before OpenBSD has the opportunity to switch cipher.