At 04:19 PM 5/8/00 -0700, Bill Stewart wrote:
>At 09:53 AM 05/08/2000 -0400, David Honig wrote:
>>You don't mention the longer exposure time of BFish, 
>>though the AES algs get intense scrutiny now; 
>
>I probably should have.  I figured that most of the learning
>that happened with scrutinizing Blowfish went into Twofish,
>as well as Twofish getting more attention as an AES candidate,
>so I think Twofish is probably the stronger of the two.

But the analysis that went into Blowfish also went into the
designs of *all* other ciphers since, assuming reasonable behavior
on the part of ciphers' authors.

>>Re implementations, I don't think that's a concern.  You can always
>>verify optimizations and ports against golden reference code, and
>>crypto algs show bugs *real* readily.  
>
>Crypto algorithms usually show incorrect calculations real readily.
>(For instance, one of the early published C implementations of Blowfish
>had a bug that only affected part of the keyspace, not all of it.)

Hmm.  That sounds subtle enough to slip by..


>But implementations have serious problems that don't show if you
>only feed them valid data - buffer overflows or similar attacks
>only get noticed if you're looking for them, but can be devastating
>to the safety of a crypto product even if it gets the calculations correct
>when given correct input data.

Sure.  Sanity checks on all incoming params are well-advised in secure
systems, if tedious to program.  There would be so many fewer exploitz
were this done..

(There are even 'sanity checks' in hardware: shutdown and/or zeroize when
the clock, temperature, or voltage gets too strange.)

>>largely moot.  But I hardly think BFish is depreciated at this point.
>
>It's probably as good as anything out there for continued use of
>existing tools.
>But I don't see any reason to write new Blowfish apps - might as well
>use 2Fish instead, or another AES candidate, if you've got good enough
>reasons to not use 3DES.

I think the argument is entirely that of gambling that you'll have picked
a winnah, not technological.  Hmm, the odds are one in six?  Crypto
roulette :-)

dh