RE: RE: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish? part 3
I do have applied cryptography and only suggested using a larger keysize as it increases the work factor for a brute force attack. -Original Message- From: Evan Nemerson [mailto:[EMAIL PROTECTED]] Sent: 22 May 2002 22:39 To: Vinod Panicker; [EMAIL PROTECTED] Subject: Re: RE: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish? part 3 Um, it hasn't been proven as the best algorithm. It merely hasn't been broken... yet. Actually, many people think IDEA is better. According to Bruce Schneier (creator of blowfish and twofish), ...it is the best and most secure block algorithm available to the public at this time... (Applied Cryptography, 2nd Edition, Section 13.9) Twofish, blowfish, AES, triple-DES... All are more than enough for pretty much anyone, but none has been PROVEN more secure than another, and all will probably be broken eventually. Go-go quantum computing ;) With regards to the why use AES? Blowfish can have a 448 bit key size! comment, does that mean if I XOR something with a 4096-bit key, I will have great security??? Sorry that was approaching flame, but I had to illustrate the point- its not just the size of the key that matters; it's how you use it! hehe i'm proud of that one. Now, as for the type of encryption, you really should get a copy of Appled Cryptography, 2nd Edition, and read chapter 9. It depends on your application. All have pros and cons. On Wednesday 22 May 2002 02:24 am, Vinod Panicker wrote: And why not use AES, which is an industry standard and having being proven as the best encryption algorithm in recent times? http://csrc.nist.gov/encryption/aes/aesfact.html As far as ECB mode is concerned, I dont know what problems you are talking about. I'm aware that the data gets encrypted in independed blocks and its easier to crack it, but its faster than other modes. Tx, Vinod. On Wed, 22 May 2002 John Horton wrote : why use AES? Blowfish can have a 448 bit key size! Also, why use ebc mode with all the problems which come with it? JH -Original Message- From: Vinod Panicker [mailto:[EMAIL PROTECTED]] Sent: 22 May 2002 10:06 To: Jimmy Lantz Cc: [EMAIL PROTECTED] Subject: Re: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish? part 3 There is no use of hashing in file-encryption except to use it as a check - to see if the decrypted file matches the original file. To do this check, you can use either MD5 or SHA1. The choice is urs. If ur looking for a good encryption algorithm, you might want to consider AES (Rijndael). It supports encryption using different key sizes as well as all modes. You can take your pick from ECB / CBC also. For binary file encryption, i would recommend ECB mode. For text files, it would be better that you use CBC mode. Tx, Vinod. On Wed, 22 May 2002 Jimmy Lantz wrote : I believe that twofish has been successfully broken, so use blowfish instead. Typically, for encrypting files you will use an algorithm like blowfish in cbc mode (as opposed to ebc mode) but I don't know if Mcrypt supports this. Also, when creating the hash of the file, it is probably best to use SHA-1 instead of MD5, as there appears to be some concern with MD5 over it's compression function. HTH JH It helps :) I have been looking into Blowfish with cbc mode :) If I use SHA-1 it's still no way to dehash it during decryption of the file, so I fail to see the use of Hashing in fileencryption. Could someone enlighten me? / Jim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Click below to visit monsterindia.com and review jobs in India or Abroad http://monsterindia.rediff.com/jobs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Click below to visit monsterindia.com and review jobs in India or Abroad http://monsterindia.rediff.com/jobs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: RE: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish? part 3
And why not use AES, which is an industry standard and having being proven as the best encryption algorithm in recent times? http://csrc.nist.gov/encryption/aes/aesfact.html As far as ECB mode is concerned, I dont know what problems you are talking about. I'm aware that the data gets encrypted in independed blocks and its easier to crack it, but its faster than other modes. Tx, Vinod. On Wed, 22 May 2002 John Horton wrote : why use AES? Blowfish can have a 448 bit key size! Also, why use ebc mode with all the problems which come with it? JH -Original Message- From: Vinod Panicker [mailto:[EMAIL PROTECTED]] Sent: 22 May 2002 10:06 To: Jimmy Lantz Cc: [EMAIL PROTECTED] Subject: Re: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish? part 3 There is no use of hashing in file-encryption except to use it as a check - to see if the decrypted file matches the original file. To do this check, you can use either MD5 or SHA1. The choice is urs. If ur looking for a good encryption algorithm, you might want to consider AES (Rijndael). It supports encryption using different key sizes as well as all modes. You can take your pick from ECB / CBC also. For binary file encryption, i would recommend ECB mode. For text files, it would be better that you use CBC mode. Tx, Vinod. On Wed, 22 May 2002 Jimmy Lantz wrote : I believe that twofish has been successfully broken, so use blowfish instead. Typically, for encrypting files you will use an algorithm like blowfish in cbc mode (as opposed to ebc mode) but I don't know if Mcrypt supports this. Also, when creating the hash of the file, it is probably best to use SHA-1 instead of MD5, as there appears to be some concern with MD5 over it's compression function. HTH JH It helps :) I have been looking into Blowfish with cbc mode :) If I use SHA-1 it's still no way to dehash it during decryption of the file, so I fail to see the use of Hashing in fileencryption. Could someone enlighten me? / Jim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Click below to visit monsterindia.com and review jobs in India or Abroad http://monsterindia.rediff.com/jobs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Click below to visit monsterindia.com and review jobs in India or Abroad http://monsterindia.rediff.com/jobs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: RE: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish? part 3
One of the reasons I like Blowfish is that I have used it for years, and there have been no successfull attempts to crack it. Why do you encrypt binary files in ebc and text files in cbc? JH -Original Message- From: Vinod Panicker [mailto:[EMAIL PROTECTED]] Sent: 22 May 2002 10:25 To: John Horton Cc: [EMAIL PROTECTED]; Jimmy Lantz Subject: Re: RE: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish? part 3 And why not use AES, which is an industry standard and having being proven as the best encryption algorithm in recent times? http://csrc.nist.gov/encryption/aes/aesfact.html As far as ECB mode is concerned, I dont know what problems you are talking about. I'm aware that the data gets encrypted in independed blocks and its easier to crack it, but its faster than other modes. Tx, Vinod. On Wed, 22 May 2002 John Horton wrote : why use AES? Blowfish can have a 448 bit key size! Also, why use ebc mode with all the problems which come with it? JH -Original Message- From: Vinod Panicker [mailto:[EMAIL PROTECTED]] Sent: 22 May 2002 10:06 To: Jimmy Lantz Cc: [EMAIL PROTECTED] Subject: Re: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish? part 3 There is no use of hashing in file-encryption except to use it as a check - to see if the decrypted file matches the original file. To do this check, you can use either MD5 or SHA1. The choice is urs. If ur looking for a good encryption algorithm, you might want to consider AES (Rijndael). It supports encryption using different key sizes as well as all modes. You can take your pick from ECB / CBC also. For binary file encryption, i would recommend ECB mode. For text files, it would be better that you use CBC mode. Tx, Vinod. On Wed, 22 May 2002 Jimmy Lantz wrote : I believe that twofish has been successfully broken, so use blowfish instead. Typically, for encrypting files you will use an algorithm like blowfish in cbc mode (as opposed to ebc mode) but I don't know if Mcrypt supports this. Also, when creating the hash of the file, it is probably best to use SHA-1 instead of MD5, as there appears to be some concern with MD5 over it's compression function. HTH JH It helps :) I have been looking into Blowfish with cbc mode :) If I use SHA-1 it's still no way to dehash it during decryption of the file, so I fail to see the use of Hashing in fileencryption. Could someone enlighten me? / Jim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Click below to visit monsterindia.com and review jobs in India or Abroad http://monsterindia.rediff.com/jobs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Click below to visit monsterindia.com and review jobs in India or Abroad http://monsterindia.rediff.com/jobs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: RE: RE: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish? part 3
Thats why lots of people like Blowfish, including myself. I am using it in a production environment with PHP and mcrypt. In ECB mode, the blocks are encrypted independently, whereas in CBC mode, the blocks are encrypted with information based on the previous block. What this means is that if a particular block which was encrypted using ECB mode is decrypted, it would show the plain text, whereas it wont happen if the data was encrypted using CBC mode. Plain text files can be seen and understood, whereas its much more difficult to understand if the crack attempt on a block of binary data was successful, since the data wont necessarily make any sense. Tx, Vinod. On Wed, 22 May 2002 John Horton wrote : One of the reasons I like Blowfish is that I have used it for years, and there have been no successfull attempts to crack it. Why do you encrypt binary files in ebc and text files in cbc? JH -Original Message- From: Vinod Panicker [mailto:[EMAIL PROTECTED]] Sent: 22 May 2002 10:25 To: John Horton Cc: [EMAIL PROTECTED]; Jimmy Lantz Subject: Re: RE: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish? part 3 And why not use AES, which is an industry standard and having being proven as the best encryption algorithm in recent times? http://csrc.nist.gov/encryption/aes/aesfact.html As far as ECB mode is concerned, I dont know what problems you are talking about. I'm aware that the data gets encrypted in independed blocks and its easier to crack it, but its faster than other modes. Tx, Vinod. On Wed, 22 May 2002 John Horton wrote : why use AES? Blowfish can have a 448 bit key size! Also, why use ebc mode with all the problems which come with it? JH -Original Message- From: Vinod Panicker [mailto:[EMAIL PROTECTED]] Sent: 22 May 2002 10:06 To: Jimmy Lantz Cc: [EMAIL PROTECTED] Subject: Re: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish? part 3 There is no use of hashing in file-encryption except to use it as a check - to see if the decrypted file matches the original file. To do this check, you can use either MD5 or SHA1. The choice is urs. If ur looking for a good encryption algorithm, you might want to consider AES (Rijndael). It supports encryption using different key sizes as well as all modes. You can take your pick from ECB / CBC also. For binary file encryption, i would recommend ECB mode. For text files, it would be better that you use CBC mode. Tx, Vinod. On Wed, 22 May 2002 Jimmy Lantz wrote : I believe that twofish has been successfully broken, so use blowfish instead. Typically, for encrypting files you will use an algorithm like blowfish in cbc mode (as opposed to ebc mode) but I don't know if Mcrypt supports this. Also, when creating the hash of the file, it is probably best to use SHA-1 instead of MD5, as there appears to be some concern with MD5 over it's compression function. HTH JH It helps :) I have been looking into Blowfish with cbc mode :) If I use SHA-1 it's still no way to dehash it during decryption of the file, so I fail to see the use of Hashing in fileencryption. Could someone enlighten me? / Jim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Click below to visit monsterindia.com and review jobs in India or Abroad http://monsterindia.rediff.com/jobs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Click below to visit monsterindia.com and review jobs in India or Abroad http://monsterindia.rediff.com/jobs _ Click below to visit monsterindia.com and review jobs in India or Abroad http://monsterindia.rediff.com/jobs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: RE: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish? part 3
Um, it hasn't been proven as the best algorithm. It merely hasn't been broken... yet. Actually, many people think IDEA is better. According to Bruce Schneier (creator of blowfish and twofish), ...it is the best and most secure block algorithm available to the public at this time... (Applied Cryptography, 2nd Edition, Section 13.9) Twofish, blowfish, AES, triple-DES... All are more than enough for pretty much anyone, but none has been PROVEN more secure than another, and all will probably be broken eventually. Go-go quantum computing ;) With regards to the why use AES? Blowfish can have a 448 bit key size! comment, does that mean if I XOR something with a 4096-bit key, I will have great security??? Sorry that was approaching flame, but I had to illustrate the point- its not just the size of the key that matters; it's how you use it! hehe i'm proud of that one. Now, as for the type of encryption, you really should get a copy of Appled Cryptography, 2nd Edition, and read chapter 9. It depends on your application. All have pros and cons. On Wednesday 22 May 2002 02:24 am, Vinod Panicker wrote: And why not use AES, which is an industry standard and having being proven as the best encryption algorithm in recent times? http://csrc.nist.gov/encryption/aes/aesfact.html As far as ECB mode is concerned, I dont know what problems you are talking about. I'm aware that the data gets encrypted in independed blocks and its easier to crack it, but its faster than other modes. Tx, Vinod. On Wed, 22 May 2002 John Horton wrote : why use AES? Blowfish can have a 448 bit key size! Also, why use ebc mode with all the problems which come with it? JH -Original Message- From: Vinod Panicker [mailto:[EMAIL PROTECTED]] Sent: 22 May 2002 10:06 To: Jimmy Lantz Cc: [EMAIL PROTECTED] Subject: Re: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish? part 3 There is no use of hashing in file-encryption except to use it as a check - to see if the decrypted file matches the original file. To do this check, you can use either MD5 or SHA1. The choice is urs. If ur looking for a good encryption algorithm, you might want to consider AES (Rijndael). It supports encryption using different key sizes as well as all modes. You can take your pick from ECB / CBC also. For binary file encryption, i would recommend ECB mode. For text files, it would be better that you use CBC mode. Tx, Vinod. On Wed, 22 May 2002 Jimmy Lantz wrote : I believe that twofish has been successfully broken, so use blowfish instead. Typically, for encrypting files you will use an algorithm like blowfish in cbc mode (as opposed to ebc mode) but I don't know if Mcrypt supports this. Also, when creating the hash of the file, it is probably best to use SHA-1 instead of MD5, as there appears to be some concern with MD5 over it's compression function. HTH JH It helps :) I have been looking into Blowfish with cbc mode :) If I use SHA-1 it's still no way to dehash it during decryption of the file, so I fail to see the use of Hashing in fileencryption. Could someone enlighten me? / Jim -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Click below to visit monsterindia.com and review jobs in India or Abroad http://monsterindia.rediff.com/jobs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Click below to visit monsterindia.com and review jobs in India or Abroad http://monsterindia.rediff.com/jobs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
