At 09:53 AM 05/08/2000 -0400, David Honig wrote:
>You don't mention the longer exposure time of BFish, 
>though the AES algs get intense scrutiny now; 

I probably should have.  I figured that most of the learning
that happened with scrutinizing Blowfish went into Twofish,
as well as Twofish getting more attention as an AES candidate,
so I think Twofish is probably the stronger of the two.

>Re implementations, I don't think that's a concern.  You can always
>verify optimizations and ports against golden reference code, and
>crypto algs show bugs *real* readily.  

Crypto algorithms usually show incorrect calculations real readily.
(For instance, one of the early published C implementations of Blowfish
had a bug that only affected part of the keyspace, not all of it.)
But implementations have serious problems that don't show if you
only feed them valid data - buffer overflows or similar attacks
only get noticed if you're looking for them, but can be devastating
to the safety of a crypto product even if it gets the calculations correct
when given correct input data.


>But since the code for any alg can be taken off the shelf, and the cipher
>algs are almost never the weakness (cf key management, protocols), it's
>largely moot.  But I hardly think BFish is depreciated at this point.

It's probably as good as anything out there for continued use of
existing tools.  But I don't see any reason to write new Blowfish
apps - might as well use 2Fish instead, or another AES candidate,
if you've got good enough reasons to not use 3DES.



                                Thanks! 
                                        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
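
An added example, not part of the original message or of any Blowfish implementation, illustrating the point about valid-data testing above: two key-setup routines that a golden-reference comparison cannot tell apart, and the negative test that can. All names are hypothetical, and `toy_encrypt` is a constructed stand-in, not Blowfish; only the 56-byte (448-bit) key limit is Blowfish's.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_KEY_BYTES 56 /* Blowfish's maximum key size: 448 bits */
struct toy_ctx { uint8_t key[MAX_KEY_BYTES]; size_t keylen; };

/* Unchecked: right for every valid key, but writes past ctx->key if keylen > 56. */
static int set_key_unchecked(struct toy_ctx *ctx, const uint8_t *key, size_t keylen) {
    memcpy(ctx->key, key, keylen);
    ctx->keylen = keylen;
    return 0;
}

/* Checked: same result for valid keys, refuses anything else. */
static int set_key_checked(struct toy_ctx *ctx, const uint8_t *key, size_t keylen) {
    if (!ctx || !key || keylen == 0 || keylen > MAX_KEY_BYTES) return -1;
    memcpy(ctx->key, key, keylen);
    ctx->keylen = keylen;
    return 0;
}

/* Toy stand-in for the cipher (constructed, NOT Blowfish): XOR block with key. */
static void toy_encrypt(const struct toy_ctx *ctx, const uint8_t in[8], uint8_t out[8]) {
    for (size_t i = 0; i < 8; i++) out[i] = in[i] ^ ctx->key[i % ctx->keylen];
}

/* "Golden reference" comparison over every valid key length: mismatch count. */
static int mismatches_on_valid_keys(void) {
    uint8_t key[MAX_KEY_BYTES], a[8], b[8], pt[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    int bad = 0;
    for (size_t i = 0; i < MAX_KEY_BYTES; i++) key[i] = (uint8_t)(7 * i + 1);
    for (size_t len = 1; len <= MAX_KEY_BYTES; len++) {
        struct toy_ctx u, c;
        set_key_unchecked(&u, key, len);
        set_key_checked(&c, key, len);
        toy_encrypt(&u, pt, a);
        toy_encrypt(&c, pt, b);
        bad += memcmp(a, b, 8) != 0;
    }
    return bad;
}

/* Negative test the comparison never runs: an overlong key must be refused. */
static int rejects_overlong_key(void) {
    uint8_t big[MAX_KEY_BYTES + 16] = {0};
    struct toy_ctx c;
    return set_key_checked(&c, big, sizeof big) == -1;
}

int main(void) { return (mismatches_on_valid_keys() == 0 && rejects_overlong_key()) ? 0 : 1; }
```

The comparison reports zero mismatches for both routines; only the overlong-key test separates them, and it is deliberately run against the checked routine alone.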

