[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: carrick, Blowfish & the NSA

To: SINCLAIR DOUGLAS N <[email protected]>
Subject: Re: carrick, Blowfish & the NSA
From: "Perry E. Metzger" <[email protected]>
Date: Sun, 14 Apr 1996 10:22:06 -0400
cc: [email protected]
In-reply-to: Your message of "Sun, 14 Apr 1996 10:02:00 EDT." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]

SINCLAIR DOUGLAS N writes:
> > Jerry Whiting writes:
> > > One reason we chose to use Blowfish as the basis for carrick is that
> > > it _is_ a new algorithm.  One has to assume that the NSA et al. has
> > > tools optimized to crack DES and possibly IDEA/RSA.  At least let's
> > > give them something else to sweat over.
> > 
> > They won't sweat over it long. Blowfish was broken.
> 
> Yikes!  Are you sure?

At least partially broken, yes. I've forgotten the details. I believe
they were discussed at Eurocrypt. It may be that with the full number
of rounds that no one yet has a cryptanalysis but I don't recall and
it doesn't particularly matter from my perspective.

> This is the first I've heard of it.  This would mean
> that PGPPhone is not secure.

I was unaware that PGPPhone used Blowfish, but if it does that was a
stupid idea in the first place.

Perry

Follow-Ups:
- Re: carrick, Blowfish & the NSA
  - From: "Mark M." <[email protected]>
- Re: carrick, Blowfish & the NSA
  - From: Wei Dai <[email protected]>
- Re: carrick, Blowfish & the NSA
  - From: K00l Secrets <[email protected]>

References:
- Re: carrick, Blowfish & the NSA
  - From: SINCLAIR DOUGLAS N <[email protected]>

Prev by Date: [NOISE] Re: unsubscrive - Let's make a special list for these people!
Next by Date: Re: Is crypt(1) a prohibited export?
Prev by thread: Re: carrick, Blowfish & the NSA
Next by thread: Re: carrick, Blowfish & the NSA
Index(es):
- Date
- Thread