[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: carrick, Blowfish & the NSA





On Sun, 14 Apr 1996, SINCLAIR DOUGLAS N wrote:

> > They won't sweat over it long. Blowfish was broken.
> 
> Yikes!  Are you sure?  This is the first I've heard of it.  This would mean
> that PGPPhone is not secure.
> 
If it's the one that's in applied crypto 2 (p.339) and ddj, then it's only a 
partial crack on a low number of rounds (according to AC2). Schneier still 
thought it was secure at the time of the publishing of AC2, but then he 
may be biased. (and since this is crypto why not be paranoid, eh?)
�   
Besides, doesn't PGPfone give you a choice of algorithms? (including IDEA?)
I haven't gotten it yet, no sound card.

Perry, you've mentioned this before, was this the same crack that's in 
the book or something newer? (paper references?)

(I just caught your reply to Sinclair after writing this. In any case 
Schneier lists the diff. cryptanalysis of blowfish paper as unpublished.)