On Mon, 23 Feb 2009 18:59:56 -0600 Ron Johnson <ron.l.john...@cox.net> wrote:
> On 02/23/2009 02:43 PM, Celejar wrote:
> > On Sun, 22 Feb 2009 20:10:57 -0600
> > Ron Johnson <ron.l.john...@cox.net> wrote:
> >
> >> On 02/22/2009 07:03 PM, Javier wrote:
> >
> > ...
> >
> >>> And which is better, Blowfish or AES?
> >> AES.
> >
> > Source? Wikipedia just says:
> >
> > "Blowfish provides a good encryption rate in software and no effective
> > cryptanalysis of it has been found to date. However, the Advanced
> > Encryption Standard now receives more attention."
>
> http://en.wikipedia.org/wiki/Weak_key#List_of_algorithms_with_weak_keys
>     Blowfish. Blowfish's weak keys produce bad S-boxes, since
>     Blowfish's S-boxes are key-dependent. There is a chosen
>     plaintext attack against a reduced-round variant of Blowfish
>     that is made easier by the use of weak keys. This is not a
>     concern for full 16-round Blowfish.
>
> > http://en.wikipedia.org/wiki/Blowfish_(cipher)

But it's "not a concern for full 16-round Blowfish", so is that really
a problem?

"There is no effective cryptanalysis on the full-round version of
Blowfish known publicly as of 2009. A sign extension bug in one
publication of C code has been identified.

In 1996, Serge Vaudenay found a known-plaintext attack requiring
2^(8r + 1) known plaintexts to break, where r is the number of rounds.
Moreover, he also found a class of weak keys that can be detected and
broken by the same attack with only 2^(4r + 1) known plaintexts. This
attack cannot be used against the regular Blowfish; it assumes
knowledge of the key-dependent S-boxes. Vincent Rijmen, in his Ph.D.
thesis, introduced a second-order differential attack that can break
four rounds and no more. There remains no known way to break the full
16 rounds, apart from a brute-force search.

Bruce Schneier notes that while Blowfish is still in use, he recommends
using the more recent Twofish algorithm instead."

http://en.wikipedia.org/wiki/Blowfish_(cipher)#Cryptanalysis_of_Blowfish

> > And what about Twofish?
So as I said, anything wrong with Twofish?

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator