At 12:17 AM 5/8/00 -0400, Bill Stewart wrote:
>
>If I wanted a non-3DES algorithm, I wouldn't use Blowfish -
>Bruce Schneier et al. have Twofish out, and while the primary goals
>of the redesign are to fit into the AES requirements framework,
>rather than to strengthen the algorithm, they may have benefited from
>experience,
>and there have also been heavy efforts to break it and the other AES
>candidates.
>They've been a lot briefer than the attacks on 3DES, but probably more
>attention than has been paid to Blowfish.  Another advantage of Twofish
>over Blowfish is that it also has some reference implementations that have
>been checked out reasonably well.

Hi Bill,
interesting point of view.  You don't mention the longer exposure
time of BFish, though the AES algs get intense scrutiny now; and as
others have said, the threat is unpublished attacks that may well
weaken them all.  (Incl. earlier algs, like BFish)

Re implementations, I don't think that's a concern.  You can always
verify optimizations and ports against golden reference code, and
crypto algs show bugs *real* readily.  

Re Twofish motivations, I think making a more key-agile algorithm is
probably the biggest factor.  Then reducing RAM requirements, in
part for smartcards.

But since the code for any alg can be taken off the shelf, and the cipher
algs are almost never the weakness (cf key management, protocols), it's
largely moot.  But I hardly think BFish is deprecated at this point.

dh
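The reply above says that ports and optimized builds are checked against "golden reference code" and that cipher bugs show up readily. The following known-answer-test harness is an added illustration of that practice, not code from either poster. It uses the Go standard library's AES with the published FIPS-197 Appendix C.1 vector because Blowfish and Twofish are not in the standard library; the `BlockCipher` interface, `CheckVectors`, `goodAES` and `badAES` names are this example's own, and the one-bit key defect in `badAES` is a constructed porting bug used to show the harness catching it.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// BlockCipher is the minimal interface a port or optimised implementation
// must satisfy to be checked by the harness below (assumed for this example).
type BlockCipher interface {
	Encrypt(dst, src []byte)
	Decrypt(dst, src []byte)
}

// KAT is one known-answer test vector: key, plaintext and the ciphertext the
// golden reference implementation is known to produce (all hex encoded).
type KAT struct {
	Key, Plain, Cipher string
}

// aes128Vectors holds the FIPS-197 Appendix C.1 vector for AES-128, a
// published reference value standing in for the reference code of any cipher.
var aes128Vectors = []KAT{
	{
		Key:    "000102030405060708090a0b0c0d0e0f",
		Plain:  "00112233445566778899aabbccddeeff",
		Cipher: "69c4e0d86a7b0430d8cdb78070b4c55a",
	},
}

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// CheckVectors runs every vector through the candidate implementation in both
// directions and returns the first mismatch. A nil error means the candidate
// agrees with the golden reference on every vector.
func CheckVectors(newCipher func(key []byte) (BlockCipher, error), vectors []KAT) error {
	for i, v := range vectors {
		c, err := newCipher(mustHex(v.Key))
		if err != nil {
			return fmt.Errorf("vector %d: key setup failed: %v", i, err)
		}
		plain, want := mustHex(v.Plain), mustHex(v.Cipher)

		got := make([]byte, len(want))
		c.Encrypt(got, plain)
		if !bytes.Equal(got, want) {
			return fmt.Errorf("vector %d: encrypt mismatch: got %x want %x", i, got, want)
		}

		back := make([]byte, len(plain))
		c.Decrypt(back, want)
		if !bytes.Equal(back, plain) {
			return fmt.Errorf("vector %d: decrypt mismatch: got %x want %x", i, back, plain)
		}
	}
	return nil
}

// goodAES wraps the standard library AES as the candidate under test.
func goodAES(key []byte) (BlockCipher, error) { return aes.NewCipher(key) }

// badAES simulates a porting bug in key handling: one key bit is flipped
// before key setup (a constructed defect, not a real bug in any library).
// Because every ciphertext bit depends on every key bit, the very first
// vector fails, which is the "bugs show readily" property the reply relies on.
func badAES(key []byte) (BlockCipher, error) {
	k := append([]byte(nil), key...)
	k[len(k)-1] ^= 0x01
	return aes.NewCipher(k)
}

func main() {
	fmt.Println("reference build:", CheckVectors(goodAES, aes128Vectors))
	fmt.Println("build with one-bit key defect:", CheckVectors(badAES, aes128Vectors))
}
```

The same harness applies to any block cipher whose reference implementation published test vectors: plug the port in behind `BlockCipher`, keep the vectors from the reference, and any divergence in either direction is reported with the offending vector.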