cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1996-06-23 - Re: Win95 Blowfish Implementation

Header Data

From: “David F. Ogren” <ogren@cris.com>
To: Bill Stewart <cypherpunks@toad.com
Message Hash: 00543906dd6f4d2c9891bb2f4c8d99dc9284c05d5b8abc1ae8751862a7fed75d
Message ID: <199606230521.BAA21859@darius.cris.com>
Reply To: N/A
UTC Datetime: 1996-06-23 09:19:55 UTC
Raw Date: Sun, 23 Jun 1996 17:19:55 +0800

Raw message

From: "David F. Ogren" <ogren@cris.com>
Date: Sun, 23 Jun 1996 17:19:55 +0800
To: Bill Stewart <cypherpunks@toad.com
Subject: Re: Win95 Blowfish Implementation
Message-ID: <199606230521.BAA21859@darius.cris.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Thanks to everyone who replied to my original message.  I was 
confident I could use those algorithms (I wouldn't have spent 
months on the code otherwise) but I wanted to check one more time
before I publicly released software using them.

One question though.  The following text is quoted from Bill 
Stewart.

> >2. SHA can be used without royalty.
> Yup.  Use SHA-1 rather than the original SHA, though; the NSA
> "updated" it in ways that do appear to strengthen it.
> 

What exactly is the difference between SHA and SHA-1?  Is it the 
left circular shift when generating the W array?  I coded the SHA 
alogrithm according to _Applied Cryptography_ Second Edition.  Is 
that the updated version of SHA?

Many thanks.

David F. Ogren

P.S.
Here is the super short description of Hootie:

Hootie is a Windows 95 implementation of the Blowfish algorithm.  
It is a fully graphical interface which includes drag and drop 
support as well as Explorer launch.

It can support both CBC and ECB modes.  The passphrase can either 
be directly entered by the user or the passphrase can be SHA hashed 
before use.

Hootie can optionally add headers at the beginning of the file 
which automatically select the block encryption mode and confirm 
good passphrases, or (for people concerned about known-plaintext 
attacks) omit the headers.

Future features include: generation of keys via a TNG (which are 
then saved to file), using MD5 rather than SHA, and a primitive 
text editor which which can be encrypted/decrypted to/from.

I currently expect to release the alpha version in two to three 
weeks.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMczT+fBB6nnGJuMRAQGcXgP+LcOp17aHIpoyScq9O8MlK+HcNBUsbdxq
KoFEqeDJyyL9pOcn9IdMHvZXmzzdBpEdk2q7DrObhk9z8Dy3jqai4t222upJ2kmn
blXGW3zIRdyycGg0ij0GCZzUkD6cSLpe4k5/HdhWhcgyDFx6t95sJIQAm/YIoC1R
JTTc86tmjss=
=iXHL
-----END PGP SIGNATURE-----
--
David F. Ogren
ogren@concentric.net (alternate address: dfogren@msn.com)
PGP Key ID: 0xC626E311
PGP Key Fingerprint: 24 23 CD 15 BF 8D D1 DE  81 71 84 C8 2C E0 4B 01
(public key available via server or by sending a message to
ogren@concentric.net with a subject of GETPGPKEY)

Thread