I wouldn't use BLOWFISH.

Why?

MD4 is flawed -- and its a hash function, not a crypto function (as is MD5).

I'm curious - do you view one-way hash functions as nonessential for crypto? -jon ( --------[ Jonathan D. Cooper ]--------[ entropy@intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 )

Well, I wasn't the original person who said that they wouldn't use it, but I would agree. It's too new. It looks very good so far, but until it's been through a lot more analysis than Blowfish has received so far, it is too much of an unknown quantity.

Ah. Incidentally, I wasn't just being a wiseass when I asked why, I wanted to know. Has no one significantly cryptanalysed Blowfish yet? -jon ( --------[ Jonathan D. Cooper ]--------[ entropy@intnet.net ]-------- ) ( PGP 2.6.2 keyprint: 31 50 8F 82 B9 79 ED C4 5B 12 A0 35 E0 9B C0 01 ) ( home page: http://taz.hyperreal.com/~entropy/ ]---[ Key-ID: 4082CCB5 )

-----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- In article <9501161145.ZM27648@wiley.sydney.sgi.com>, Ian Farquhar <ianf@sydney.sgi.com> wrote:

Well, I wasn't the original person who said that they wouldn't use it, but I would agree. It's too new. It looks very good so far, but until it's been through a lot more analysis than Blowfish has received so far, it is too much of an unknown quantity.

That's okay. So's my GUCAPI code (suggestions of a better name are quite welcome. I'm considering changing the name to the Hastur Crypto Toolkit, purely on aesthetics). BTW, pointers to public domain code for each of these ciphers/hashes would be reatly appreciated. The crypto part of the library is really going to just be a collection of what's already available from elsewhere; the main work is in genericizing the IO and the key management functions and in making life difficult for people who don't follow the interface properly. Other than that, the only other real work is getting a reasonably portable source of random numbers working as a default random source. I'll also be distributing an ITAR-friendly "bones" version with instructions on how to add ciphers. Are PRNGs like BBS covered by ITAR? - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLxqVvxNhgovrPB7dAQGStwP7B9+lX/2KVxs6Zq6u4TNENGFJ6aW4Sydq 7RgJJo5YzKpyQFvzRB1FYYLWKJNIaMbPXrm6mLPLXzj7dShWDngQh3m+K+VP3qU3 IEtNsovJuXqvxWYzA4uH4c1SCAV1DDkjlAjx/Ix884cXbRmEJjpnfiUCrItEf42B Nz3cwcILX4o= =M18o - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxrRGSoZzwIn1bdtAQGfUAF9F0XSAuKnH+jJopAz02NYJmvA271oGq+A 7YSny6PSNLLK5wncl6lnbM0Rr3eQ58cf =8qA2 -----END PGP SIGNATURE-----

On Jan 12, 1:21pm, Mark Chen wrote:

Among symmetric ciphers, there's GOST.

Using which S-boxes though? Matt posted a set a while ago, although I suspect they were the ones the Soviet public got, and probably not overly secure. Add the latest (91 I think) version LOKI to the list. Only a 64 bit key, but still not bad, reasonably well studied, and free. Ian.