1996-04-14 - Re: carrick, Blowfish & the NSA

Header Data

From: "Mark M." <markm@voicenet.com>
To: cypherpunks@toad.com
Message Hash: a6e737d9e73ddce8a62279b246a35b6c53346b124c2bf786d8c1ccdd351a055d
Message ID: <Pine.LNX.3.92.960414121820.358A-100000@gak>
Reply To: <199604141422.KAA05302@jekyll.piermont.com>
UTC Datetime: 1996-04-14 20:34:45 UTC
Raw Date: Mon, 15 Apr 1996 04:34:45 +0800

Raw message

From: "Mark M." <markm@voicenet.com>
Date: Mon, 15 Apr 1996 04:34:45 +0800
To: cypherpunks@toad.com
Subject: Re: carrick, Blowfish & the NSA
In-Reply-To: <199604141422.KAA05302@jekyll.piermont.com>
Message-ID: <Pine.LNX.3.92.960414121820.358A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 14 Apr 1996, Perry E. Metzger wrote:

> At least partially broken, yes. I've forgotten the details. I believe
> they were discussed at Eurocrypt. It may be that with the full number
> of rounds that no one yet has a cryptanalysis but I don't recall and
> it doesn't particularly matter from my perspective.

I haven't heard of any efficient cryptanalysis against Blowfish.  I know there
are weak keys, but they are difficult to exploit.  16 round Blowfish can be
broken using differential cryptanalysis with 2^128+1 chosen plaintexts.

> > This is the first I've heard of it.  This would mean
> > that PGPPhone is not secure.
> I was unaware that PGPPhone used Blowfish, but if it does that was a
> stupid idea in the first place.

Blowfish is unpatented, free for commercial use, and very fast so I don't see
how the use of Blowfish could be considered stupid.  IDEA and triple-DES may
be more secure, but I think that they are too slow for voice communication.

-- Mark

markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me
