At 07:37 PM 11/11/98 +0100, Anonymous allegedly wrote:
Can anyone report whether GOST is still used anywhere?
If you're asking "_Should_ I use GOST?", the answer is "No, not unless you really, really understand it, and there's something it does much better for you than more open cryptosystems, such as 3DES, RC4, or Blowfish." GOST isn't just one cryptosystem; it's a family with different S-Boxes, one or more sets for the Soviet military, one set commonly seen publicly, some sets made by software writers, etc. The strength depends critically on the values chosen for the S-Boxes, and the Soviet military kept theirs secure. Maybe the Russian Army or other ex-Soviet countries' armies use it, and maybe the KGB understood it well enough for this to be ok, if you think trusting the KGB or Soviet Military Intelligence for advice on cryptosystems can make something ok... But even if you understand the algorithm well enough to know how strong it is, and that's strong enough for you, why bother? There are publicly analyzed algorithms that are strong enough and well-analyzed, like 3DES, and algorithms that are fast and strong, like Blowfish or correctly-used RC4. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
participants (2)
-
Anonymous
-
Bill Stewart