Comparing PGP to Symantec's Secret Stuff

Bruce Schneier schneier at
Mon Jan 5 19:04:29 PST 1998

At 08:56 PM 12/16/97 -0800, Bill Frantz wrote:
>At 3:01 AM -0800 12/16/97, Vin McLellan wrote:
>>   Norton Secret Stuff secures the data using the 32-bit Blowfish
>>encryption algorithm -- which is why it's approved for unrestricted export
>>outside the US by the U.S. government.
>This is the first I've heard of a Blowfish based produce being approved for
>export.  Since Blowfish has about 9 bits worth of protection against brute
>force searches in its key schedule, this is about a 41 bit approval.  Does
>anyone know of an export permit for a version of Blowfish with a key longer
>than 32 bits?

Blowfish with a 32-bit key has been approved for export before.  The 
argument is that the long key setup time makes 32-bit Blowfish as weak
as 40-bit anything else.  I don't particularly agree, but there you have it.

Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis,MN  55419       Fax: 612-823-1590

More information about the cypherpunks-legacy mailing list