On Monday 30 January 2006 00:22, veins wrote: > Travers Buda wrote: > >[...] > >No known weaknesses exist in Blowfish, but that 64 bit block scares > > me. [...] > > Can you explain why it scares you ? I am not a cryptographer but I > see no reason why a cipher using > 64 bit block size is scary, all of the attacks I can think of that > are tied to the block size are still not > practicable with a 64 bit block size (either they require too much > memory, too much time or too much > information). Maybe I am not thinking of something obvious, so please > correct me if i'm wrong.
> Blowfish has also been scrutinized and analyzed (and for a longer > time than both Rijndael and Twofish), it > has proven to be strong and resistant, as well as efficient for most > needs. Also Rijndael being the standart > doesn't mean that it is the safest choice at all (not that i'm saying > its bad, im not a cryptographer), and > well Twofish sounds cool but why switch from a working solution to > another one, when there's no real need > for that time and effort consuming change ? Yes, this entire thread may be moot. Why fix it if it ain't broken? Well, we may not know that it is broken. We can only use our best judgement--a matter of opinion sometimes. Ack. Bruce Schneier designed Blowfish. Bruce Schneier designed Twofish to be a sucessor to Blowfish. > Blowfish has also been scrutinized and analyzed (and for a longer > time than both Rijndael and Twofish) Blowfish may be older, but I think that Twofish has been analyzed more than Blowfish due to the NIST competition a few years back. > well Twofish sounds cool but why switch from a working solution to > another one, when there's no real need > for that time and effort consuming change ? I agree, Blowfish is just fine in some applications. I don't know if it's universal though. OpenBSD uses it almost universally. I'm not saying OpenBSD should use Twofish. I'm asking wherether or not OpenBSD should use Twofish. Sweet dreams, veins Travers
