Re: FUD about CGD and GBDE

2005-03-08 Thread Daniel Carosone
On Mon, Mar 07, 2005 at 09:43:13AM -0700, [EMAIL PROTECTED] wrote: I also believe that it would be beneficial to implement regular rewriting of randomly picked lock sector(s) at random times during a user specified interval (up to x rewrites within n seconds) in order to further obscure

Re: FUD about CGD and GBDE

2005-03-07 Thread David Schultz
On Thu, Mar 03, 2005, Perry E. Metzger wrote: No, I am not. PHK invented new cryptographic modes for his work. The fact that he does not understand this is part of the problem. Hi Perry, You've brought up this claim at several points in this thread. Would you be willing to be more specific? I

Re: FUD about CGD and GBDE

2005-03-07 Thread Perry E. Metzger
David Schultz [EMAIL PROTECTED] writes: On Thu, Mar 03, 2005, Perry E. Metzger wrote: No, I am not. PHK invented new cryptographic modes for his work. The fact that he does not understand this is part of the problem. Hi Perry, You've brought up this claim at several points in this thread.

Re: FUD about CGD and GBDE

2005-03-07 Thread Colin Percival
David Schultz wrote: As a rather extreme example, suppose that it was discovered that on random input, an MD5 output only has 70 bits of entropy. Then it might be relatively easy for an adversary to recover sector keys without knowing the master key. (Granted, this would

Re: FUD about CGD and GBDE

2005-03-07 Thread soralx
I also believe that it would be beneficial to implement regular rewriting of randomly picked lock sector(s) at random times during a user specified interval (up to x rewrites within n seconds) in order to further obscure the write pattern and provide additional protection for lock sectors.

Re: FUD about CGD and GBDE

2005-03-07 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], [EMAIL PROTECTED] writes: I also believe that it would be beneficial to implement regular rewriting of randomly picked lock sector(s) at random times during a user specified interval (up to x rewrites within n seconds) in order to further obscure the write

Re: FUD about CGD and GBDE

2005-03-07 Thread soralx
I agree. I would also add random reads (or specially designed, combined random reads and writes) to make traffic analysis and differential attacks a real PITA for the hacker (although this idea may not be very effective against a highly motivated and determined attacker, such as some

Re: FUD about CGD and GBDE

2005-03-07 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], [EMAIL PROTECTED] writes: If you want to do something like this, you want to do sectorrenaming and journaling since that means you can only see that something was written but not what it was that was written. So you think that just adding specially crafted,

Re: FUD about CGD and GBDE

2005-03-07 Thread ALeine
[EMAIL PROTECTED] wrote: I agree. I would also add random reads (or specially designed, combined random reads and writes) to make traffic analysis and differential attacks a real PITA for the hacker (although this idea may not be very effective against a highly motivated and determined

Re: FUD about CGD and GBDE

2005-03-07 Thread soralx
If you want to do something like this, you want to do sectorrenaming and journaling since that means you can only see that something was written but not what it was that was written. So you think that just adding specially crafted, random reads/writes will have no significant positive

Re: FUD about CGD and GBDE

2005-03-07 Thread ALeine
[EMAIL PROTECTED] wrote: On Mon, Mar 07, 2005 at 09:43:13AM -0700, [EMAIL PROTECTED] wrote: I also believe that it would be beneficial to implement regular rewriting of randomly picked lock sector(s) at random times during a user specified interval (up to x rewrites within n seconds)

Re: FUD about CGD and GBDE

2005-03-06 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Charles M. Hannum writes: While you might claim that the dedication to study the user's behavior and mount such an attack is fanciful, I claim that it is not. Under observation, GBDE's additional techniques do not stand up to the claim of being spook strength.

Re: FUD about CGD and GBDE

2005-03-06 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Steven M. Bellovin writes: etc. I think we need to be careful about phrases like one can. I decided to stop supposing and gather some real data, so I wrote some analysis tools to measure the entropy of disk drives. I need to rewrite some of my tools and do a

Re: FUD about CGD and GBDE

2005-03-06 Thread Steven M. Bellovin
1) If you're doing analysis of a cold disk, it is ~trivial to tell the difference between a sector that has been written only once and a sector that has been rewritten. This is hardly trivial, you are basing your statement on the false assumption that one cannot or will not do anything to

Re: FUD about CGD and GBDE

2005-03-06 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], ALeine writes: Could you make the tools you used publically available? I would very much like to run that kind of analysis on my disks, especially now that I'm planning the implementation of the GBDE changes I proposed. I will eventually, but there's nothing in

Re: FUD about CGD and GBDE

2005-03-06 Thread Peter Hendrickson
Thor Lancelot Simon wrote: I note that GBDE uses a number of algorithms in ways that are not consistent with their design purposes. For instance, it truncates a non-keyed hash (SHA512); the fact that this is not necessarily a good idea is one of the major motivators for the design of HMAC.

Re: FUD about CGD and GBDE

2005-03-06 Thread Charles M. Hannum
On Friday 04 March 2005 18:55, ALeine wrote: 1) If you're doing analysis of a cold disk, it is ~trivial to tell the difference between a sector that has been written only once and a sector that has been rewritten. This is hardly trivial, you are basing your statement on the false

Re: FUD about CGD and GBDE

2005-03-06 Thread ALeine
[EMAIL PROTECTED] wrote: Second of all, the cleaning lady copy attack (described in section 10.3), where someone can regularly make bit-wise copies of the entire disk containing the encrypted image and determine the location of sensitive structures by means of differential analysis is

Re: FUD about CGD and GBDE

2005-03-05 Thread Jim Wise
On Fri, 4 Mar 2005, Jason Thorpe wrote: On Mar 2, 2005, at 4:33 PM, ALeine wrote: You need 2^128 steps to break the encryption of a single sector. But you have no idea which of the 2^128 sectors is the right one, Your disk has 2^128 sectors?

Re: FUD about CGD and GBDE

2005-03-05 Thread Jason Thorpe
On Mar 2, 2005, at 4:33 PM, ALeine wrote: You need 2^128 steps to break the encryption of a single sector. But you have no idea which of the 2^128 sectors is the right one, You may not know for sure, but you can make a pretty well educated guess. You are basically ignoring Roland's argument that

Re: FUD about CGD and GBDE

2005-03-05 Thread Perry E. Metzger
Poul-Henning Kamp [EMAIL PROTECTED] writes: In message [EMAIL PROTECTED], Perry E. Metzger writes: The best I can say, however, is that the US government has approved the use of AES with 256 bit keys for very highly secure communications, and they have a very demanding user community. (There

Re: FUD about CGD and GBDE

2005-03-05 Thread Charles M. Hannum
On Friday 04 March 2005 02:29, ALeine wrote: To wit: On Thursday 03 March 2005 02:43, ALeine wrote: At any time half of all the people are wrong about something, it's only a matter of time when your time will come to be in the wrong half or rather the right half to be wrong.

Re: FUD about CGD and GBDE

2005-03-05 Thread Charles M. Hannum
On Friday 04 March 2005 03:17, ALeine wrote: Your assumption is wrong. First of all, the first sector of the encrypted image does not necessarily start at the beginning of the disk, nor does the last sector have to be the last sector of the disk. At initialization first_sector, last_sector and

Re: FUD about CGD and GBDE

2005-03-05 Thread ALeine
[EMAIL PROTECTED] wrote: There are at least two ways to determine this information fairly easily: As easily as one can get accepted into the crypto community? :- 1) If you're doing analysis of a cold disk, it is ~trivial to tell the difference between a sector that has been written only once

Re: FUD about CGD and GBDE

2005-03-05 Thread ALeine
Someone from the NetBSD community who wishes to remain unnamed sent me the following email, so I thought I would comment on it here because there seem to be many others who are confused about the same issue. My thinking is that for each of 2^30 sectors, you're looking for one of 2^128 keys.

Re: FUD about CGD and GBDE

2005-03-05 Thread ALeine
[EMAIL PROTECTED] wrote: For example, one can regularly scrub the unused areas around the encrypted image (padding) with dd(1) using if=/dev/{u,}random and similar. This can be fully automated with a cron job. One can also regularly scatter files with misleading names and contents.

Re: FUD about CGD and GBDE

2005-03-04 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Perry E. Metzger writes: The best I can say, however, is that the US government has approved the use of AES with 256 bit keys for very highly secure communications, and they have a very demanding user community. (There is a big difference in what crypto you need for

Re: FUD about CGD and GBDE

2005-03-04 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Jari Ruusu writes: Early versions of loop-AES were FUBARed, true. But why do you insist on ranting about fuckups that were fixed long time ago? I don't :-) The topic at hand was why I made certain choices for GBDE the way I did, what loop-AES did subsequent to that

Re: FUD about CGD and GBDE

2005-03-04 Thread Joerg Sonnenberger
On Thu, Mar 03, 2005 at 05:58:49PM -0500, Roland Dowdeswell wrote: Disklabels for example have a checksum. The checksum might not be terribly strong, but the chance that two different valid disklabels could even be decrypted with different keys is small, I would imagine. The checksum takes

Re: FUD about CGD and GBDE

2005-03-04 Thread Thor Lancelot Simon
On Thu, Mar 03, 2005 at 01:18:45PM +0100, Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], Bernd Walter writes: No matter what disk you take - writes never have been atomic. The major difference I see is that you get a read error back in the disk failure case, while such a crypto

Re: FUD about CGD and GBDE

2005-03-04 Thread Thor Lancelot Simon
On Thu, Mar 03, 2005 at 05:31:34PM +0100, Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], ALeine writes: Not necessarily, if one were to implement the ideas I proposed I believe the performance could be kept at the same level as now. I gave up on journalling myself because IMO it

Re: FUD about CGD and GBDE

2005-03-04 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Thor Lancelot Simon writes: On Thu, Mar 03, 2005 at 05:31:34PM +0100, Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], ALeine writes: Not necessarily, if one were to implement the ideas I proposed I believe the performance could be kept at the same level as

Re: FUD about CGD and GBDE

2005-03-04 Thread Thor Lancelot Simon
On Thu, Mar 03, 2005 at 06:48:51PM +0100, Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], Steven M. Bellovin writes: And Knuth was talking about a situation without an adversary. If the component (well respected etc etc) algorithms I have used in GBDE contains flaws so that they

Re: FUD about CGD and GBDE

2005-03-04 Thread Perry E. Metzger
Poul-Henning Kamp [EMAIL PROTECTED] writes: We need more ideas and more people trying out ideas. There is a profession called cryptographer out there. They are the folks who try out these new ideas, and they fill lots of conference proceedings with their new ideas, including things like crypto

Re: FUD about CGD and GBDE

2005-03-04 Thread Charles M. Hannum
On Wednesday 02 March 2005 21:15, ALeine wrote: [EMAIL PROTECTED] wrote: I gave up on journalling myself because IMO it complicates things a lot and the problem it solves is very very small. If only hardware manufacturers were to equip hard drives with a mechanism to ensure atomic writes.

Re: FUD about CGD and GBDE

2005-03-04 Thread Todd Vierling
On Thu, 3 Mar 2005, Poul-Henning Kamp wrote: At the time where I wrote GBDE, the best that was offered was CGD (and similar) and users (not cryptographers!) didn't trust it Could you back up this claim, insofar that users did not trust cgd? I haven't seen any distrust of cgd -- in fact, I've

Re: FUD about CGD and GBDE

2005-03-04 Thread Thor Lancelot Simon
On Thu, Mar 03, 2005 at 08:25:18PM +0100, Poul-Henning Kamp wrote: At the time where I wrote GBDE, the best that was offered was CGD (and similar) and users (not cryptographers!) didn't trust it and history has so far repeated. To quote David Hume, Never an ought from an is. That users

Re: FUD about CGD and GBDE

2005-03-04 Thread Perry E. Metzger
Poul-Henning Kamp [EMAIL PROTECTED] writes: In message [EMAIL PROTECTED], Perry E. Metzger writes: There is a profession called cryptographer out there. They are the folks who try out these new ideas, and they fill lots of conference proceedings with their new ideas, including things like crypto

Re: FUD about CGD and GBDE

2005-03-04 Thread Perry E. Metzger
Poul-Henning Kamp [EMAIL PROTECTED] writes: Don't let people like Thor scare you away, progress happens when people try to follow their ideas, even if told that they are fools by people who (think they) know better. They laughed at Fulton. They also laughed at Bozo the Clown. There is

Re: FUD about CGD and GBDE

2005-03-04 Thread Perry E. Metzger
ALeine [EMAIL PROTECTED] writes: There is a profession called cryptographer out there. They are the folks who try out these new ideas, and they fill lots of conference proceedings with their new ideas, including things like crypto modes designed specifically for disk encryption. You are

Re: FUD about CGD and GBDE

2005-03-04 Thread Perry E. Metzger
Poul-Henning Kamp [EMAIL PROTECTED] writes: In message [EMAIL PROTECTED], Todd Vierling writes: On Thu, 3 Mar 2005, Poul-Henning Kamp wrote: At the time where I wrote GBDE, the best that was offered was CGD (and similar) and users (not cryptographers!) didn't trust it Could you back up this

Re: FUD about CGD and GBDE

2005-03-04 Thread Thor Lancelot Simon
On Thu, Mar 03, 2005 at 09:41:53PM +0100, Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], Thor Lancelot Simon writes: On Thu, Mar 03, 2005 at 08:25:18PM +0100, Poul-Henning Kamp wrote: To quote David Hume, Never an ought from an is. I'm Danish by birth so English is only my second

Re: FUD about CGD and GBDE

2005-03-04 Thread Todd Vierling
On Thu, 3 Mar 2005, Poul-Henning Kamp wrote: And if CGD is _so_ officially approved as you say, then I can not for the life of me understand how it can use the same key to generate the IV and perform the encryption. At the very least two different keys should have been used at the expense of

Re: FUD about CGD and GBDE

2005-03-04 Thread Thor Lancelot Simon
On Thu, Mar 03, 2005 at 10:15:55PM +0100, Poul-Henning Kamp wrote: And if CGD is _so_ officially approved as you say, then I can not for the life of me understand how it can use the same key to generate the IV and perform the encryption. At the very least two different keys should have been

Re: FUD about CGD and GBDE

2005-03-04 Thread Thor Lancelot Simon
On Thu, Mar 03, 2005 at 10:45:34PM +0100, Poul-Henning Kamp wrote: Since the attacker know the block number the IV generation doesn't add strength. In fact expose any weakness in the algorithm even more because it offers two-way leverage on the algorithm. It also adds a very efficient

Re: FUD about CGD and GBDE

2005-03-04 Thread Thor Lancelot Simon
On Wed, Mar 02, 2005 at 05:55:50PM -0800, ALeine wrote: He designed GBDE to always be harder than and never easier to break than the cryptographic algorithms it relies on. Some very well-intentioned (and plenty smart) people at MIT designed the PCBC cipher mode to always be harder than and

Re: FUD about CGD and GBDE

2005-03-04 Thread Charles M. Hannum
I'm not going to defend what Thor said, nor do I even think it's worth discussing as it largely amounts to an appeal to privileged knowledge. However, this is some extremely sloppy thinking in your writing. To wit: On Thursday 03 March 2005 02:43, ALeine wrote: At any time half of all the

Re: FUD about CGD and GBDE

2005-03-04 Thread Perry E. Metzger
Poul-Henning Kamp [EMAIL PROTECTED] writes: I have a better idea: Why don't we get the cryptographers to show up at computer science conferences ? They do. Perhaps you might want to listen to them. I remember a certain talk at BSDCon where someone criticized the design of the kernel RNG

Re: FUD about CGD and GBDE

2005-03-04 Thread Perry E. Metzger
Poul-Henning Kamp [EMAIL PROTECTED] writes: I think we've already established that this fear, though understandable, is not a reasonable one under the circumstances. See several postings already made. You are better off just using AES with a longer key than the GBDE mechanism. I'm sorry, I

Re: FUD about CGD and GBDE

2005-03-04 Thread Perry E. Metzger
ALeine [EMAIL PROTECTED] writes: [EMAIL PROTECTED] wrote: You are mistaking people who design cryptographic algorithms and those who design cryptographic systems which integrate those algorithms into functional systems. No, I am not. PHK invented new cryptographic modes for his work.

Re: FUD about CGD and GBDE

2005-03-04 Thread Perry E. Metzger
Roland Dowdeswell [EMAIL PROTECTED] writes: I realise that PHK has been claiming that you might get false positives, and that you somehow have to maintain a matrix of past this and that. It is a lot simpler than this really. Of course, given that the unicity distance is much less than the
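The "disklabel has a checksum" argument in the Roland Dowdeswell / Joerg Sonnenberger exchange further up this page, and the unicity-distance point in the reply above, as an added worked example that is not part of the original thread and not GBDE or CGD code. The cipher is a stand-in (a SHA-256 keystream in counter mode) so the script needs only the Python standard library; the real systems use a block cipher, and the thread's argument is about CBC with a known IV, but the oracle logic is the same: decrypt the sector that should hold the label and ask whether the result looks like a valid label. Everything else is constructed for the example: a simplified 128-byte label carrying the BSD disklabel magic 0x82564557 at offset 0 and a 16-bit XOR checksum in its last two bytes, a label assumed to live in sector 1, and 16-bit keys so that exhaustive search finishes in a few seconds.

```python
"""Structural-checksum oracle for confirming a disk-encryption key guess.

Added example; not GBDE or CGD code. The cipher is a toy stand-in so the
script runs with only the standard library. All constants except DISKMAGIC
are assumptions made for this example.
"""
import hashlib
import struct

LABEL_SIZE = 128
DISKMAGIC = 0x82564557      # BSD disklabel d_magic; the one real constant here
LABEL_SECTOR = 1            # assumed position of the label in this toy layout
KEY_BITS = 16               # toy key size (real keys are 128/256 bits)
TRUE_KEY = (0x1234).to_bytes(2, "big")   # constructed victim key


def keystream(key: bytes, sector_no: int, length: int) -> bytes:
    """Toy keystream: SHA-256(key || sector_no || counter) in counter mode."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">QI", sector_no, ctr)).digest()
        ctr += 1
    return bytes(out[:length])


def crypt_sector(key: bytes, sector_no: int, data: bytes) -> bytes:
    """XOR with the keystream; encryption and decryption are the same op."""
    ks = keystream(key, sector_no, len(data))
    return (int.from_bytes(data, "big") ^ int.from_bytes(ks, "big")).to_bytes(len(data), "big")


def xor16(data: bytes) -> int:
    """XOR of all little-endian 16-bit words, the way d_checksum is computed."""
    acc = 0
    for (w,) in struct.iter_unpack("<H", data):
        acc ^= w
    return acc


def make_label(partition_blob: bytes) -> bytes:
    """Constructed label: magic, opaque partition data, zero padding, checksum."""
    body = (struct.pack("<I", DISKMAGIC) + partition_blob)[: LABEL_SIZE - 2]
    body = body.ljust(LABEL_SIZE - 2, b"\0")
    return body + struct.pack("<H", xor16(body))


def checksum_ok(label: bytes) -> bool:
    """Weak oracle: 16 bits of structure, so roughly 1 in 2^16 wrong keys pass."""
    return xor16(label[:-2]) == struct.unpack("<H", label[-2:])[0]


def magic_and_checksum_ok(label: bytes) -> bool:
    """Stronger oracle: 48 bits of structure, so false positives are negligible."""
    return struct.unpack("<I", label[:4])[0] == DISKMAGIC and checksum_ok(label)


def brute_force(ciphertext: bytes):
    """Try every key once; return the keys passing the weak and the strong oracle."""
    weak, strong = [], []
    for k in range(1 << KEY_BITS):
        key = k.to_bytes(KEY_BITS // 8, "big")
        guess = crypt_sector(key, LABEL_SECTOR, ciphertext)
        if checksum_ok(guess):
            weak.append(key)
            if magic_and_checksum_ok(guess):
                strong.append(key)
    return weak, strong


def run_demo() -> dict:
    """Encrypt a constructed label under TRUE_KEY and recover it by exhaustion."""
    label = make_label(b"constructed partition table bytes")
    ciphertext = crypt_sector(TRUE_KEY, LABEL_SECTOR, label)
    weak, strong = brute_force(ciphertext)
    return {"weak": weak, "strong": strong,
            "expected_weak_false_positives": (1 << KEY_BITS) / (1 << 16)}


if __name__ == "__main__":
    r = run_demo()
    print(f"checksum-only candidates: {len(r['weak'])} "
          f"(true key {'in' if TRUE_KEY in r['weak'] else 'NOT in'} list)")
    print(f"magic+checksum candidates: {[k.hex() for k in r['strong']]}")
```

With the checksum alone the candidate list contains the true key plus, on average, about one false positive per 2^16 keys tried, which is the "matrix of past this and that" worry; once the magic number is checked as well there are 48 bits of structure in a 128-byte label, far past the unicity distance, and only the true key survives. The constructions in the thread are different from this toy, so the example shows the shape of the oracle, not their actual strength.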

Re: FUD about CGD and GBDE

2005-03-04 Thread Daniel Carosone
On Fri, Mar 04, 2005 at 12:42:33AM +0100, Poul-Henning Kamp wrote: The fact that you just need to break one single sector in CGD before you get the entire disk contents gives a disadvantage to CGD of 2^26 before we even consider the nature of the attack. That is not conservative when it could

Re: FUD about CGD and GBDE

2005-03-04 Thread Perry E. Metzger
Thor Lancelot Simon [EMAIL PROTECTED] writes: I think there's a misunderstanding here. Why do you think secrecy (unpredictability?) is an important property of an IV for a block cipher used in CBC mode? It's not an encryption key, it's an IV. Indeed. The IV can (subject to some constraints)

Re: FUD about CGD and GBDE

2005-03-04 Thread Perry E. Metzger
Thor Lancelot Simon [EMAIL PROTECTED] writes: On Wed, Mar 02, 2005 at 05:55:50PM -0800, ALeine wrote: He designed GBDE to always be harder than and never easier to break than the cryptographic algorithms it relies on. Some very well-intentioned (and plenty smart) people at MIT designed

Re: FUD about CGD and GBDE

2005-03-04 Thread Perry E. Metzger
Poul-Henning Kamp [EMAIL PROTECTED] writes: If the component (well respected etc etc) algorithms I have used in GBDE contains flaws so that they become individually less intrinsicly safe because their input is the output of another such algorithm, then the crypto-world has problems they need

Re: FUD about CGD and GBDE

2005-03-04 Thread Perry E. Metzger
Poul-Henning Kamp [EMAIL PROTECTED] writes: You don't actually know if I invented my own cryptographic modes or not, do you ? You did. I did ? Cool, I should patent them! :-) I would encourage it. It will keep others from wanting to use them. Sorry, they have only been disproved in a

Re: FUD about CGD and GBDE

2005-03-04 Thread Perry E. Metzger
Poul-Henning Kamp [EMAIL PROTECTED] writes: In message [EMAIL PROTECTED], Perry E. Metzger writes: MD5 was believed to be heavily understood in literature. It was well established. Look at what happened to it. Yup. And Roland made the algorithm you use for encrypting your disk *pluggable*.

Re: FUD about CGD and GBDE

2005-03-04 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Poul-Henning Kamp writes: I have studied the AES papers and in particular the attacks and criticisms of it very carefully, and they have proven a whole lot of things to be impossible, but they have not proven that there are not more that needs to be proven

Re: FUD about CGD and GBDE

2005-03-04 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Thor Lancelot Simon writes: On Thu, Mar 03, 2005 at 10:15:55PM +0100, Poul-Henning Kamp wrote: And if CGD is _so_ officially approved as you say, then I can not for the life of me understand how it can use the same key to generate the IV and perform the

Re: FUD about CGD and GBDE

2005-03-04 Thread Perry E. Metzger
Poul-Henning Kamp [EMAIL PROTECTED] writes: In message [EMAIL PROTECTED], Perry E. Metzger writes: My strong suggestion for you is that you adopt a similar approach -- build a good framework that, given good algorithms, will provide security, and make it easy for users to change over if an

Re: FUD about CGD and GBDE

2005-03-04 Thread Jari Ruusu
Poul-Henning Kamp wrote: I am being a bit unfair here because I am lumping CGD in with the equally deficient code in Linux (Loop-AES etc). It was mostly the linux code I talked to people about, but CGD makes the same exact mistake. Loop-AES for Linux has improved a lot since v1.X versions.

Re: FUD about CGD and GBDE

2005-03-04 Thread Daniel Ellard
Any chance some part of this discussion can be taken off-line? Or to freebsd-sec? -Dan

Re: FUD about CGD and GBDE

2005-03-04 Thread Steve Tremblett
would people mind not bcc'ing freebsd-hackers? I've been deleting this thread from my inbox for a couple of days because it's not filtered into my bsd folders :) On Thu, 2005-03-03 at 15:52 -0500, Perry E. Metzger wrote: Poul-Henning Kamp [EMAIL PROTECTED] writes: In message [EMAIL

Re: FUD about CGD and GBDE

2005-03-04 Thread Peter Jeremy
[CC list pruned] On Wed, 2005-Mar-02 13:15:49 -0800, ALeine wrote: If only hardware manufacturers were to equip hard drives with a mechanism to ensure atomic writes. A capacitor large enough to hold enough energy to flush the cache upon detecting the power supply was cut would be sufficient. I'm

Re: FUD about CGD and GBDE

2005-03-04 Thread Brian Fundakowski Feldman
On Sat, Mar 05, 2005 at 05:37:47AM +1100, Peter Jeremy wrote: [CC list pruned] On Wed, 2005-Mar-02 13:15:49 -0800, ALeine wrote: If only hardware manufacturers were to equip hard drives with a mechanism to ensure atomic writes. A capacitor large enough to hold enough energy to flush the

Re: FUD about CGD and GBDE

2005-03-04 Thread Jason Young
On Sat, 5 Mar 2005, Peter Jeremy wrote: [CC list pruned] On Wed, 2005-Mar-02 13:15:49 -0800, ALeine wrote: If only hardware manufacturers were to equip hard drives with a mechanism to ensure atomic writes. A capacitor large enough to hold enough energy to flush the cache upon detecting the power

Re: FUD about CGD and GBDE

2005-03-04 Thread ALeine
[EMAIL PROTECTED] wrote: I'm not going to defend what Thor said, nor do I even think it's worth discussing as it largely amounts to an appeal to privileged knowledge. However, this is some extremely sloppy thinking in your writing. You do not understand what was said. To wit: On

Re: FUD about CGD and GBDE

2005-03-04 Thread ALeine
[EMAIL PROTECTED] wrote: I have no doubt that was the intent. The question is, did he achieve it? You seem to be making claims to the contrary, but at the same time you do not even know some basic facts about GBDE. Have you really read even the gbde(8) man page? If so, how come you missed

Re: FUD about CGD and GBDE

2005-03-04 Thread ALeine
[EMAIL PROTECTED] wrote: It is a serial attack that is: for (i=0; i < n; i++) { crack the i'th key--key block; } So it is actually where $n$ is the number of key--key sectors: [ ASCII art removed and sent to the museum of modern arts :- ] So, for a

Re: FUD about CGD and GBDE

2005-03-04 Thread ALeine
[EMAIL PROTECTED] wrote: Your disk has 2^128 sectors? Where can I buy one of those? In the same movie I referenced in the post you took that from. :- Either there or in the dream I referenced a bit later. :- ALeine

Re: FUD about CGD and GBDE

2005-03-04 Thread Peter Jeremy
On Fri, 2005-Mar-04 16:37:05 -0600, Jason Young wrote: Why not put a flash chip into the drive's onboard electronics, of the same size as the drive's cache, or the max possible size of all outstanding cached writes? That seems to be a better idea. ISTR that once upon a time, vendors made chips

Re: FUD about CGD and GBDE

2005-03-04 Thread ALeine
[EMAIL PROTECTED] wrote: The principle of bivalence merely states that every proposition is either true or false. Tertium non datur is the law of the excluded middle, which is not the same. Furthermore, neither one says anything about half the population falling on one side or the other;

Re: FUD about CGD and GBDE

2005-03-04 Thread John-Mark Gurney
Thor Lancelot Simon wrote this message on Thu, Mar 03, 2005 at 16:01 -0500: [.. ] (that cgd, though it had existed for precisely two days when you checked GBDE into the Just because I am tired of incorrect information (repeated) when it is freely available on the respective websites: CGD:

Re: FUD about CGD and GBDE

2005-03-03 Thread Bernd Walter
On Thu, Mar 03, 2005 at 01:30:15AM +0100, Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], Roland Dowdeswell writes: Let's discuss a simple example and see how it works. Let's walk through a user login, with /etc/passwd on GBDE and the filesystem mounted with mtime. These days,

Re: FUD about CGD and GBDE

2005-03-03 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Bernd Walter writes: No matter what disk you take - writes never have been atomic. The major difference I see is that you get a read error back in the disk failure case, while such a crypto failure produces more or less random data without any error. Mounting unclean

Re: FUD about CGD and GBDE

2005-03-03 Thread Alexey Neyman
I think the original author expressed the following concern: - without the GBDE, a failure to write meta-data for a file (say, 'atime' for /etc/passwd) will not result in an unusable system. Whether it was written or not does not matter much: either way, the links to actual file blocks remain

Re: FUD about CGD and GBDE

2005-03-03 Thread Bernd Walter
On Thu, Mar 03, 2005 at 01:18:45PM +0100, Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], Bernd Walter writes: No matter what disk you take - writes never have been atomic. The major difference I see is that you get a read error back in the disk failure case, while such a crypto

Re: FUD about CGD and GBDE

2005-03-03 Thread ALeine
[EMAIL PROTECTED] wrote: In message [EMAIL PROTECTED], Bernd Walter writes: And how would you know that a restore from backup is required for a damaged file? 100% true. The trouble is that it would cost a lot in performance and a doubling in metadata to protect yourself against this.

Re: FUD about CGD and GBDE

2005-03-03 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], ALeine writes: Not necessarily, if one were to implement the ideas I proposed I believe the performance could be kept at the same level as now. I gave up on journalling myself because IMO it complicates things a lot and the problem it solves is very very small. The

Re: FUD about CGD and GBDE

2005-03-03 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Thor Lancelot Simon writes: No, it would not. What it _would_ take would be an abandonment of the adamant position that your home-grown cryptosystem is superior to simply encrypting the disk with 256-bit AES. Where I come from home-grown is not derogative. All

Re: FUD about CGD and GBDE

2005-03-03 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Thor Lancelot Simon writes: I could not disagree more. When it comes to nonstandard homebrewed cryptosystems foisted off on unsuspecting users with a bundle of claims of algorithm strength that they're not competent to evaluate for themselves, we do not need more

Re: FUD about CGD and GBDE

2005-03-03 Thread Roland Dowdeswell
On 1109809815 seconds since the Beginning of the UNIX epoch Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], Roland Dowdeswell writes: Let's discuss a simple example and see how it works. Let's walk through a user login, with /etc/passwd on GBDE and the filesystem mounted with mtime.

Re: FUD about CGD and GBDE

2005-03-03 Thread ALeine
[EMAIL PROTECTED] wrote: I gave up on journalling myself because IMO it complicates things a lot and the problem it solves is very very small. If only hardware manufacturers were to equip hard drives with a mechanism to ensure atomic writes. A capacitor large enough to hold enough energy to

Re: FUD about CGD and GBDE

2005-03-03 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Roland Dowdeswell writes: I chose CGD with AES256 for two reasons. First I wanted to compare systems with comparable performance. More computing sins are committed in the name of efficiency (without necessarily achieving it) than for any other

Re: FUD about CGD and GBDE

2005-03-03 Thread Richard Coleman
Poul-Henning Kamp wrote: I fully agree with you about the philosophical points, but not on the implications. I can not convince myself that encrypting a 40 GB disk sector by sector using the same key, even if it is 256 bits, is a safe design. You seem to believe otherwise. And that's where it ends.

Re: FUD about CGD and GBDE

2005-03-03 Thread ALeine
[EMAIL PROTECTED] wrote: In message [EMAIL PROTECTED], Thor Lancelot Simon writes: Where I come from home-grown is not derogative. All cryptosystems are by necessity home-grown for somebody somewhere. I second that, standards do not come into existence out of thin air and we might get to

Re: FUD about CGD and GBDE

2005-03-03 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], ALeine writes: [EMAIL PROTECTED] wrote: I gave up on journalling myself because IMO it complicates things a lot and the problem it solves is very very small. If only hardware manufacturers were to equip hard drives with a mechanism to ensure atomic writes. I

Re: FUD about CGD and GBDE

2005-03-03 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Richard Coleman writes: For instance, the NIST specification for AES and CCM mode (NIST Special Publication 800-38C) specifically states that you must limit the number of invocations of the block cipher (specifically AES) to 2^61. Now, I realize that is an upper

Re: FUD about CGD and GBDE

2005-03-03 Thread Warner Losh
For instance, the NIST specification for AES and CCM mode (NIST Special Publication 800-38C) specifically states that you must limit the number of invocations of the block cipher (specifically AES) to 2^61. Now, I realize that is an upper bound. But even after removing several orders of

Re: FUD about CGD and GBDE

2005-03-03 Thread Bernd Walter
On Thu, Mar 03, 2005 at 06:51:08PM +0100, Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], ALeine writes: [EMAIL PROTECTED] wrote: I gave up on journalling myself because IMO it complicates things a lot and the problem it solves is very very small. If only hardware manufacturers

Re: FUD about CGD and GBDE

2005-03-03 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Thor Lancelot Simon writes: It also uses MD5 in a way that I would characterize as not exactly ordinary The only role MD5 has is as a bit-blender. Any strength it may add is just a bonus. Indeed, the large number of algorithms used in the keying and encryption

Re: FUD about CGD and GBDE

2005-03-03 Thread ALeine
Again I was left out of the loop by a certain someone who is not subscribed to [EMAIL PROTECTED], so I apologize for replying indirectly. [EMAIL PROTECTED] wrote: In message [EMAIL PROTECTED], Steven M. Bellovin writes: I don't claim that there's a flaw. I do assert that that I haven't

Re: FUD about CGD and GBDE

2005-03-03 Thread Roland Dowdeswell
On 1109800339 seconds since the Beginning of the UNIX epoch ALeine wrote: Both Lucky Green and David Wagner have nodded vertical on GBDE. I trust the professional opinions of both Lucky Green and David Wagner at least an order of magnitude more than that of Roland Dowdeswell, especially after

Re: FUD about CGD and GBDE

2005-03-03 Thread ALeine
[EMAIL PROTECTED] wrote: I can not encourage you enough to try it. Don't let people like Thor scare you away, progress happens when people try to follow their ideas, even if told that they are fools by people who (think they) know better. Thor? Who is Thor? :- Seriously, this discussion is

Re: FUD about CGD and GBDE

2005-03-03 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Perry E. Metzger writes: There is a profession called cryptographer out there. They are the folks who try out these new ideas, and they fill lots of conference proceedings with their new ideas, including things like crypto modes designed specifically for disk

Re: FUD about CGD and GBDE

2005-03-03 Thread ALeine
[EMAIL PROTECTED] wrote: Poul-Henning Kamp [EMAIL PROTECTED] writes: We need more ideas and more people trying out ideas. There is a profession called cryptographer out there. They are the folks who try out these new ideas, and they fill lots of conference proceedings with their new

Re: FUD about CGD and GBDE

2005-03-03 Thread ALeine
I must have missed this one before. [EMAIL PROTECTED] wrote: Most of this started when I disputed some of the wild claims that PHK has made about the security of GBDE. You have not disputed them, you have only confirmed the strengths of GBDE and exposed the issue of atomic writes. Let me

Re: FUD about CGD and GBDE

2005-03-03 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Thor Lancelot Simon writes: On Thu, Mar 03, 2005 at 08:25:18PM +0100, Poul-Henning Kamp wrote: To quote David Hume, Never an ought from an is. I'm Danish by birth so English is only my second language, so I apologize for mangling it. That users (who are they? how

Re: FUD about CGD and GBDE

2005-03-03 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Todd Vierling writes: On Thu, 3 Mar 2005, Poul-Henning Kamp wrote: At the time where I wrote GBDE, the best that was offered was CGD (and similar) and users (not cryptographers!) didn't trust it Could you back up this claim, insofar that users did not trust cgd?

Re: FUD about CGD and GBDE

2005-03-03 Thread Poul-Henning Kamp
In message [EMAIL PROTECTED], Perry E. Metzger writes: There is a world out here that's called the IT industry. Yes, there is. They routinely deploy bad security because they don't get people who know what they are doing involved. See WEP, for example, or a thousand other things. Yes, it would
