1996-04-14 - Re: carrick, Blowfish & the NSA

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: Jerry Whiting <jwhiting@igc.apc.org>
Message Hash: 69371f8d60ec3367f87f0fff5d00a77223cffa288b579e4ef8d4832963e53d95
Message ID: <199604140849.EAA05136@jekyll.piermont.com>
Reply To: <199604140412.VAA24649@igc2.igc.apc.org>
UTC Datetime: 1996-04-14 12:23:19 UTC
Raw Date: Sun, 14 Apr 1996 20:23:19 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Sun, 14 Apr 1996 20:23:19 +0800
To: Jerry Whiting <jwhiting@igc.apc.org>
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <199604140412.VAA24649@igc2.igc.apc.org>
Message-ID: <199604140849.EAA05136@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain

Jerry Whiting writes:
> One reason we chose to use Blowfish as the basis for carrick is that
> it _is_ a new algorithm.  One has to assume that the NSA et al. has
> tools optimized to crack DES and possibly IDEA/RSA.  At least let's
> give them something else to sweat over.

They won't sweat over it long. Blowfish was broken.

> Like I said, we're aiming high.

I believe you are having trouble distinguishing "up" from "down" while
looking through your sights....

> So yes, if we're successful Blowfish should be taken more seriously.

Why? Why exactly would it be hard to produce a crypto package based on
any given algorithm? Its not exactly like Blowfish wasn't out and
available already or anything.

> Our marketing tag ("Encryption software so good, the Feds won't let
> us export it.")

They won't let you export DES and we know how good that is. Heck, they
won't let you export 41 bit RC4 or better and we all know how good 41
bit RC4 would be.