[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Win95 Blowfish Implementation



-----BEGIN PGP SIGNED MESSAGE-----

Thanks to everyone who replied to my original message.  I was 
confident I could use those algorithms (I wouldn't have spent 
months on the code otherwise) but I wanted to check one more time
before I publicly released software using them.

One question though.  The following text is quoted from Bill 
Stewart.

> >2. SHA can be used without royalty.
> Yup.  Use SHA-1 rather than the original SHA, though; the NSA
> "updated" it in ways that do appear to strengthen it.
> 

What exactly is the difference between SHA and SHA-1?  Is it the 
left circular shift when generating the W array?  I coded the SHA 
alogrithm according to _Applied Cryptography_ Second Edition.  Is 
that the updated version of SHA?

Many thanks.

David F. Ogren

P.S.
Here is the super short description of Hootie:

Hootie is a Windows 95 implementation of the Blowfish algorithm.  
It is a fully graphical interface which includes drag and drop 
support as well as Explorer launch.

It can support both CBC and ECB modes.  The passphrase can either 
be directly entered by the user or the passphrase can be SHA hashed 
before use.

Hootie can optionally add headers at the beginning of the file 
which automatically select the block encryption mode and confirm 
good passphrases, or (for people concerned about known-plaintext 
attacks) omit the headers.

Future features include: generation of keys via a TNG (which are 
then saved to file), using MD5 rather than SHA, and a primitive 
text editor which which can be encrypted/decrypted to/from.

I currently expect to release the alpha version in two to three 
weeks.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMczT+fBB6nnGJuMRAQGcXgP+LcOp17aHIpoyScq9O8MlK+HcNBUsbdxq
KoFEqeDJyyL9pOcn9IdMHvZXmzzdBpEdk2q7DrObhk9z8Dy3jqai4t222upJ2kmn
blXGW3zIRdyycGg0ij0GCZzUkD6cSLpe4k5/HdhWhcgyDFx6t95sJIQAm/YIoC1R
JTTc86tmjss=
=iXHL
-----END PGP SIGNATURE-----
--
David F. Ogren
[email protected] (alternate address: [email protected])
PGP Key ID: 0xC626E311
PGP Key Fingerprint: 24 23 CD 15 BF 8D D1 DE  81 71 84 C8 2C E0 4B 01
(public key available via server or by sending a message to
[email protected] with a subject of GETPGPKEY)