carrick, Blowfish & the NSA

Perry E. Metzger perry at piermont.com
Sun Apr 14 09:44:13 PDT 1996



SINCLAIR DOUGLAS N writes:
> > Jerry Whiting writes:
> > > One reason we chose to use Blowfish as the basis for carrick is that
> > > it _is_ a new algorithm.  One has to assume that the NSA et al. has
> > > tools optimized to crack DES and possibly IDEA/RSA.  At least let's
> > > give them something else to sweat over.
> > 
> > They won't sweat over it long. Blowfish was broken.
> 
> Yikes!  Are you sure?

At least partially broken, yes. I've forgotten the details. I believe
they were discussed at Eurocrypt. It may be that with the full number
of rounds no one yet has a cryptanalysis, but I don't recall, and
it doesn't particularly matter from my perspective.

> This is the first I've heard of it.  This would mean
> that PGPPhone is not secure.

I was unaware that PGPPhone used Blowfish, but if it does that was a
stupid idea in the first place.

Perry





