1996-04-14 - Re: carrick, Blowfish & the NSA

Header Data

From: s1113645@tesla.cc.uottawa.ca
To: SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu>
Message Hash: 5fbf7e4d69087139191f9eaafd3bc37702abe932a97a2027b644da964042e309
Message ID: <Pine.3.89.9604141322.A21250-0100000@tesla.cc.uottawa.ca>
Reply To: <96Apr14.100201edt.1826@cannon.ecf.toronto.edu>
UTC Datetime: 1996-04-14 20:58:50 UTC
Raw Date: Mon, 15 Apr 1996 04:58:50 +0800

Raw message

From: s1113645@tesla.cc.uottawa.ca
Date: Mon, 15 Apr 1996 04:58:50 +0800
To: SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu>
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <96Apr14.100201edt.1826@cannon.ecf.toronto.edu>
Message-ID: <Pine.3.89.9604141322.A21250-0100000@tesla.cc.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain

On Sun, 14 Apr 1996, SINCLAIR DOUGLAS N wrote:

> > They won't sweat over it long. Blowfish was broken.
> Yikes!  Are you sure?  This is the first I've heard of it.  This would mean
> that PGPPhone is not secure.
If it's the one that's in Applied Crypto 2 (p.339) and DDJ, then it's only a
partial crack on a low number of rounds (according to AC2). Schneier still
thought it was secure at the time of the publishing of AC2, but then he
may be biased. (And since this is crypto, why not be paranoid, eh?)
Besides, doesn't PGPfone give you a choice of algorithms? (including IDEA?)
I haven't gotten it yet, no sound card.

Perry, you've mentioned this before; was this the same crack that's in
the book or something newer? (Paper references?)

(I just caught your reply to Sinclair after writing this. In any case,
Schneier lists the diff. cryptanalysis of Blowfish paper as unpublished.)