From: Jerry Whiting <jwhiting@igc.apc.org>
Date: Mon, 15 Apr 1996 03:12:07 +0800
To: cypherpunks@toad.com
Subject: Blowfish ain't broken
Message-ID: <199604141628.JAA17215@igc2.igc.apc.org>
MIME-Version: 1.0
Content-Type: text/plain


> Jerry Whiting writes:
> > One reason we chose to use Blowfish as the basis for carrick is that
> > it _is_ a new algorithm.  One has to assume that the NSA et al. has
> > tools optimized to crack DES and possibly IDEA/RSA.  At least let's
> > give them something else to sweat over.
> 
> Perry writes:
> They won't sweat over it long. Blowfish was broken.

My understanding is that Blowfish using only 3 rounds, not the full 16, has been
broken.  And yes, duplicate entries in an S-box are weak keys.

carrick uses the full 16 rounds and we check for weak keys.

I'll sleep at night.


Jerry Whiting