-----BEGIN PGP SIGNED MESSAGE----- On Sun, 14 Apr 1996, Perry E. Metzger wrote:
At least partially broken, yes. I've forgotten the details. I believe they were discussed at Eurocrypt. It may be that with the full number of rounds that no one yet has a cryptanalysis but I don't recall and it doesn't particularly matter from my perspective.
I haven't heard of any efficient cryptanalysis against Blowfish. I know there are weak keys, but they are difficult to exploit. 16 round Blowfish can be broken using differential cryptanalysis with 2^128+1 chosen plaintexts.
This is the first I've heard of it. This would mean that PGPPhone is not secure.
I was unaware that PGPPhone used Blowfish, but if it does that was a stupid idea in the first place.
Blowfish is unpatented, free for commercial use, and very fast so I don't see how the use of Blowfish could be considered stupid. IDEA and triple-DES may be more secure, but I think that they are too slow for voice communication. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm@voicenet.com | finger -l for PGP key 0xf9b22ba5 http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5 "The concept of normalcy is just a conspiracy of the majority" -me -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMXEmo7Zc+sv5siulAQFNugP/eajuzeBDrGi5LfQy5IYANVzYnt/FRQYF egUkJuWtkxI8ff/CzS9dKxOW95c8SuvYyis9D8NfwAcPesKI/YQp734l/v+NYH4V G7AZvzdLEKpDWVzo524o326o4ufXV7ycysLNq4yrkPJ5LJyLdm5A3z/0IYeoXStK 2HWAf22Iksc= =cwEh -----END PGP SIGNATURE-----