From: Bill Stewart <stewarts@ix.netcom.com>
Date: Wed, 25 Sep 1996 16:21:58 +0800
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: WARNING: This Message Actually Contains a Question Reguarding Crypto!
Message-ID: <199609250610.XAA23137@dfw-ix12.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:34 AM 9/24/96 -0500, "William H. Geiger III" <whgiii@amaranth.com> wrote:
>I just recently downloaded copies of Blowfish & Ghost.
Do you mean GOST, the Russian algorithm family?

>Does anyone have any experiance with these two algorithims?

>How do they comare to RSA, DES, 3DES, IDEA ?

Bruce Schneier's book Applied Cryptography discusses
Blowfish (no surprise, since it's his algorithm) and
I think also discusses GOST.  Blowfish is very fast
once you've finished the (deliberately slow) key schedule.
It appears to be tolerably strong, though there hasn't
been as much analysis on it as on RC4 or IDEA yet, much less DES.

GOST requires you to set some parameters, I think S-boxes,
and the strength of the algorithm depends on lots of subtle
effects of those parameters.  The set used by the Russian military
is classified; some of the other sets are public, and
presumably the implementation you have gets its values from someone.
Unless you know who, and how strong they are, I wouldn't trust it.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto