1996-04-14 - Re: carrick, Blowfish & the NSA

Header Data

From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: 2c59e055495731ff1a787ddb0e51dabd1ace6123165b64cc9b62dbec0ddf23b5
Message ID: <199604141545.IAA02699@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1996-04-14 18:16:28 UTC
Raw Date: Mon, 15 Apr 1996 02:16:28 +0800

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Mon, 15 Apr 1996 02:16:28 +0800
To: cypherpunks@toad.com
Subject: Re: carrick, Blowfish & the NSA
Message-ID: <199604141545.IAA02699@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Blowfish has not been broken in my opinion.  I wonder if Perry is
thinking of MacGuffin, the block cipher by Schneier and Matt Blaze
based on an asymmetrical Feistel network.  It was broken, and I think
it was at Eurocrypt.

Here is a message from sci.crypt a month ago where Bruce discusses the
status of Blowfish.  A weak key attack is known against a weakened
version, but I think the weak keys are rare.

> From: schneier@parka.winternet.com (Bruce Schneier) 
> Date: 1996/03/14
> MessageID: 4i907g$9lj@blackice.winternet.com#1/1
> 
> The most successful attack against Blowfish to date has been against the
> weak keys (two identical entries in an S-box).  These can be detected in
> a 12-round variant, but not in the full 16 rounds.  I still believe that
> random S-boxes are better than chosen ones, and think that more rounds
> is better than fewer rounds with better S-boxes.  There are a few
> things I would do differently if I was to write the algorithm from scratch
> right now, but on the whole I am still pleased with the results.
> 
> Bruce


Hal
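The weak-key condition named in the quoted message (two identical entries in one key-dependent S-box), as an added example that is not part of either message and is not Schneier's reference code: a compact Blowfish key schedule with a check a key generator could run on its own S-boxes. The function names are hypothetical, and the initial constants are derived from the hex digits of pi with Machin's formula instead of being pasted in as a table.

```python
M = 0xFFFFFFFF

def pi_words(n, guard=64):
    """First n 32-bit words of pi's fractional part (Blowfish's initial P/S values)."""
    bits = 32 * n
    one = 1 << (bits + guard)               # fixed-point 1.0 with guard bits
    def arctan_inv(x):                      # arctan(1/x) by its Taylor series
        total = term = one // x
        k, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // k)
            k, sign = k + 2, -sign
        return total
    frac = (4 * (4 * arctan_inv(5) - arctan_inv(239)) - 3 * one) >> guard
    return [(frac >> (bits - 32 * (i + 1))) & M for i in range(n)]

PI = pi_words(18 + 4 * 256)                 # 18 P-array words, then four 256-entry S-boxes

def F(S, x):
    a, b, c, d = x >> 24, (x >> 16) & 255, (x >> 8) & 255, x & 255
    return ((((S[0][a] + S[1][b]) & M) ^ S[2][c]) + S[3][d]) & M

def encrypt_block(P, S, L, R):
    for i in range(16):                     # the full 16 rounds
        L ^= P[i]
        R ^= F(S, L)
        L, R = R, L
    return R ^ P[17], L ^ P[16]             # undo the last swap, apply output whitening

def key_schedule(key):
    """Expand key bytes into the key-dependent P-array and S-boxes."""
    P = [PI[i] ^ int.from_bytes(bytes(key[(4 * i + j) % len(key)] for j in range(4)), "big")
         for i in range(18)]
    S = [PI[18 + 256 * b: 18 + 256 * (b + 1)] for b in range(4)]
    L = R = 0
    for table in [P] + S:                   # overwrite P, then each S-box, in place
        for i in range(0, len(table), 2):
            L, R = encrypt_block(P, S, L, R)
            table[i], table[i + 1] = L, R
    return P, S

def sbox_collisions(S):
    """List (box, first_index, repeat_index) for every repeated entry within one S-box."""
    hits = []
    for b, box in enumerate(S):
        first = {}
        for i, v in enumerate(box):
            if v in first:
                hits.append((b, first[v], i))
            first.setdefault(v, i)
    return hits

def is_weak_key(key):
    return bool(sbox_collisions(key_schedule(key)[1]))
```

A key for which `is_weak_key` returns True can simply be discarded and regenerated before use.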




