carrick, Blowfish & the NSA

[Mark M.]

-----BEGIN PGP SIGNED MESSAGE-----

On Sun, 14 Apr 1996, Perry E. Metzger wrote:

> At least partially broken, yes. I've forgotten the details. I believe
> they were discussed at Eurocrypt. It may be that with the full number
> of rounds that no one yet has a cryptanalysis but I don't recall and
> it doesn't particularly matter from my perspective.

I haven't heard of any efficient cryptanalysis against Blowfish.  I know there
are weak keys, but they are difficult to exploit.  16 round Blowfish can be
broken using differential cryptanalysis with 2^128+1 chosen plaintexts.

>
> > This is the first I've heard of it.  This would mean
> > that PGPPhone is not secure.
>
> I was unaware that PGPPhone used Blowfish, but if it does that was a
> stupid idea in the first place.

Blowfish is unpatented, free for commercial use, and very fast so I don't see
how the use of Blowfish could be considered stupid.  IDEA and triple-DES may
be more secure, but I think that they are too slow for voice communication.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm at voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMXEmo7Zc+sv5siulAQFNugP/eajuzeBDrGi5LfQy5IYANVzYnt/FRQYF
egUkJuWtkxI8ff/CzS9dKxOW95c8SuvYyis9D8NfwAcPesKI/YQp734l/v+NYH4V
G7AZvzdLEKpDWVzo524o326o4ufXV7ycysLNq4yrkPJ5LJyLdm5A3z/0IYeoXStK
2HWAf22Iksc=
=cwEh
-----END PGP SIGNATURE-----