Re: carrick, Blowfish & the NSA

Blowfish has not been broken in my opinion.  I wonder if Perry is
thinking of MacGuffin, the block cipher by Schneier and Matt Blaze
based on an asymmetrical Feistel network.  It was broken, and I think
it was at Eurocrypt.

Here is a message from sci.crypt a month ago where Bruce discusses the
status of Blowfish.  A weak key attack is known against a weakened
version, but I think the weak keys are rare.

> From: [email protected] (Bruce Schneier) 
> Date: 1996/03/14
> MessageID: [email protected]#1/1
> The most successful attack against Blowfish to date has been against the
> weak keys (two identical entries in an S-box).  These can be detected in
> a 12-round variant, but not in the full 16 rounds.  I still believe that
> random S-boxes are better than chosen ones, and think that more rounds
> is better than fewer rounds with better S-boxes.  There are a few
> things I would do differently if I was to write the algorithm from scratch
> right now, but on the whole I am still pleased with the results.
> Bruce
