[GnuPG-users] identical files -> non-identical encrypted files

Robert J. Hansen rjh at sixdemonbag.org
Mon Aug 4 10:49:46 CEST 2008


Kiss Gabor (Bitman) wrote:
> Eeerrr... sorry to say but I think you missed something.

So did you.  This scheme is poorly specified, based on an incorrect
understanding of user needs, as a practical matter can be cracked, is
rife with implementation difficulties, and you seem to have no
understanding of the implicit tradeoffs and compromises which go into it.

It's just not going to work.

Please study the problem domain.

Additional remarks:

  * Key management issues in this are largely handwaved.
  * Rekeying of drive is problematic.
  * BitLocker's architecture may be worth studying
  * Disk keys _do_ change, they _need_ to be changeable, and
    any protocol which does not support this is not suitable
    for real world use.





More information about the Gnupg-users mailing list