Re: Why is Blowfish's key size limited to 128 bits in RFC 4880?

Sat, 17 Oct 2020 09:38:58 -0700 

Unfortunately 3DES did not survive said scrutiny in the end...



It absolutely *has* survived scrutiny.  I don't know where you're 
getting your information.  3DES is being phased out because its 64-bit 
block size makes it dicey for modern bulk encryption, and because its 
spectacular overdesign makes it very slow.



That's it.  Nobody has come up with any kind of meaningful cryptanalytic 
attack against it.  It simply doesn't exist.



My P3 class-powered servers performing a variety of cryptographic
operations on relatively large files (we get anything from 30 to 60 MiB
pdf's on a regular basis and if I were to use Twofish for any of it... not
practical)



Very practical.  You could practically use 3DES on these files.  60MB is 
nothing: you're going to experience more slowdown writing to disk.



Sooner or later something's bound to happen that could render current
technology obsolete, so it's better to err on the safer side.



In that case, why not also work on defending against time travel, 
psychic phenomena, or aliens from Zarbnulax?



The moment you say "it doesn't matter what the science says," you open 
the door to some very reasonable questions about why you're defending 
against one not-rooted-in-science attack and not others.



Why would anybody break ciphers the hard way with cryptanalysis, when
real-world systems are so easily exploitable and the human beings behind
them even moreso?


Convenience. If you break one, you've broken them all.



No, that's not how cryptanalysis works, either.  Cryptanalysis works by 
reducing the amount of work to be done: only in rare cases will it 
totally erase the work factor.  A massively profound cryptanalytic 
attack on AES128 would reduce the work factor to, oh, call it 2**80; 
that result would be *seismic*.



But 2**80 ain't easy, either.  You still have to do an awful lot of hard 
work and pay a really huge utility bill.



Why do it this way?  Why not go after the data in a non-cryptanalytic 
way, where the work factor is so much less?



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users






















					Reply via email to