[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: carrick, Blowfish & the NSA
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 14 Apr 1996, Perry E. Metzger wrote:
> At least partially broken, yes. I've forgotten the details. I believe
> they were discussed at Eurocrypt. It may be that with the full number
> of rounds that no one yet has a cryptanalysis but I don't recall and
> it doesn't particularly matter from my perspective.
I haven't heard of any efficient cryptanalysis against Blowfish. I know there
are weak keys, but they are difficult to exploit. 16 round Blowfish can be
broken using differential cryptanalysis with 2^128+1 chosen plaintexts.
>
> > This is the first I've heard of it. This would mean
> > that PGPPhone is not secure.
>
> I was unaware that PGPPhone used Blowfish, but if it does that was a
> stupid idea in the first place.
Blowfish is unpatented, free for commercial use, and very fast so I don't see
how the use of Blowfish could be considered stupid. IDEA and triple-DES may
be more secure, but I think that they are too slow for voice communication.
- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[email protected] | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
iQCVAwUBMXEmo7Zc+sv5siulAQFNugP/eajuzeBDrGi5LfQy5IYANVzYnt/FRQYF
egUkJuWtkxI8ff/CzS9dKxOW95c8SuvYyis9D8NfwAcPesKI/YQp734l/v+NYH4V
G7AZvzdLEKpDWVzo524o326o4ufXV7ycysLNq4yrkPJ5LJyLdm5A3z/0IYeoXStK
2HWAf22Iksc=
=cwEh
-----END PGP SIGNATURE-----