17 Dec
2003
17 Dec
'03
11:17 p.m.
Jerry Whiting writes:
One reason we chose to use Blowfish as the basis for carrick is that it _is_ a new algorithm. One has to assume that the NSA et al. has tools optimized to crack DES and possibly IDEA/RSA. At least let's give them something else to sweat over.
Perry writes: They won't sweat over it long. Blowfish was broken.
My understanding is that Blowfish using only 3 rounds, not the full 16, has been broken. And yes, duplicate entries in an S-box are weak keys. carrick uses the full 16 rounds and we check for weak keys. I'll sleep at night. Jerry Whiting