I was mixing up with the attack against twofish with reduced rounds (I think
this is true of blowfish with reduced rounds as well )
-Original Message-
From: Evan Nemerson [mailto:[EMAIL PROTECTED]]
Sent: 22 May 2002 22:57
To: John Horton; [EMAIL PROTECTED]
Subject: Re: [PHP] Mcrypt
:[EMAIL PROTECTED]]
Sent: 22 May 2002 10:06
To: Jimmy Lantz
Cc: [EMAIL PROTECTED]
Subject: Re: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish?
part 3
There is no use of hashing in file-encryption except to use it
as
a check - to see if the decrypted file matches the original
file
Yes Jimmy, you are correct. MD5 is a one-way hash. Its used for
getting a unique fingerprint of some data (like files / passwords
etc) so that it can be compared with another MD5 hash.
Thats the point of a hashing algorithm like MD5 and SHA1 - you
should never need to decrypt the data.
Jimmy,
You could md5 something and send it encrypted and then verify the md5,
something similar to sharing keys...md5 is similar to a key...i use it
as something similar to kerberos...
And yes, MD5 is a one-way hash...which comes in handy...
Just remember that bigger is almost always better.
Hi,
I believe that twofish has been successfully broken, so use blowfish
instead. Typically, for encrypting files you will use an algorithm like
blowfish in cbc mode (as opposed to ebc mode) but I don't know if Mcrypt
supports this. Also, when creating the hash of the file, it is probably best
to
I believe that twofish has been successfully broken, so use blowfish
instead. Typically, for encrypting files you will use an algorithm like
blowfish in cbc mode (as opposed to ebc mode) but I don't know if Mcrypt
supports this. Also, when creating the hash of the file, it is probably best
to
There is no use of hashing in file-encryption except to use it as
a check - to see if the decrypted file matches the original file.
To do this check, you can use either MD5 or SHA1. The choice is
urs.
If ur looking for a good encryption algorithm, you might want to
consider AES (Rijndael).
with the
algorithm (or the data was corrupted somehow).
Hashes are typically used as sanity checks in this way.
JH
-Original Message-
From: Jimmy Lantz [mailto:[EMAIL PROTECTED]]
Sent: 22 May 2002 09:31
To: [EMAIL PROTECTED]
Subject: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish? part 3
I
Panicker [mailto:[EMAIL PROTECTED]]
Sent: 22 May 2002 10:06
To: Jimmy Lantz
Cc: [EMAIL PROTECTED]
Subject: Re: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish?
part 3
There is no use of hashing in file-encryption except to use it
as
a check - to see if the decrypted file matches the original
To: John Horton
Cc: [EMAIL PROTECTED]; Jimmy Lantz
Subject: Re: RE: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish? part
3
And why not use AES, which is an industry standard and having
being proven as the best encryption algorithm in recent times?
http://csrc.nist.gov/encryption/aes/aesfact.html
files in cbc?
JH
-Original Message-
From: Vinod Panicker [mailto:[EMAIL PROTECTED]]
Sent: 22 May 2002 10:25
To: John Horton
Cc: [EMAIL PROTECTED]; Jimmy Lantz
Subject: Re: RE: RE: [PHP] Mcrypt: Blowfish or Twofish or no
fish? part
3
And why not use AES, which is an industry standard
I always hate mentioning this 'cause I feel like an attention whore or
something, but nevertheless, I can't get the thing tested thouroughly
without a bit of whoring...
I've been working on a crypto extension for PHP for a while now, and since
you guys seem into the crypto thing, you might
On Wed, 22 May 2002, Jimmy Lantz wrote:
Thanx for the suggestions!
Someone mentioned that I could use MD5 and then encrypt the hash,
how would I ever decrypt that? Is'nt MD5 a 1-way thing only?
Another question?
Should I go for bigger keylength or bigger blocksize or both? What makes
To: Jimmy Lantz
Cc: [EMAIL PROTECTED]
Subject: Re: RE: [PHP] Mcrypt: Blowfish or Twofish or no fish?
part 3
There is no use of hashing in file-encryption except to use it
as
a check - to see if the decrypted file matches the original
file.
To do this check, you can use either MD5 or SHA1
Ah, when was twofish broken??? That's news to me if it's true.
http://www.counterpane.com/twofish.html
http://www.counterpane.com/about-twofish.html
On Wednesday 22 May 2002 00:43 am, John Horton wrote:
Hi,
I believe that twofish has been successfully broken, so use blowfish
instead.
Ah it would be a good idea to use the hash as a checksum- especially if you
encrypt in ECB
On Wednesday 22 May 2002 01:30 am, Jimmy Lantz wrote:
I believe that twofish has been successfully broken, so use blowfish
instead. Typically, for encrypting files you will use an algorithm like
hiya,
twofish runs at just over 25MB/sec when compiled into a test VC++
application,
blowfish runs at 18MB/sec.
As far as I remember,
if you use the same keylenght (256 or 128) then you should get around the
same level of encryption (probably not exact, but if one was that much
weaker there'd be
On Tue, 21 May 2002, Jimmy Lantz wrote:
Hi,
started playing with Mcrypt and just wanted to ask which encryption method
makes the stronger encryption?
(I can supply the necesary keylength).
Should I go for MCRYPT_BLOWFISH or MCRYPT_TWOFISH? Or no fish at all :)
So what do I need it for?
18 matches
Mail list logo