CDR: Re: Phil Zimmerman Profiled
David Honig
honig at sprynet.com
Thu Nov 9 18:57:49 PST 2000
At 05:57 PM 11/9/00 -0500, Meyer Wolfsheim wrote:
>> example, about Gnu Privacy Guard (GnuPG), an open source competitor to PGP.
>> There's no doubt in Zimmermann's mind that GnuPG suffers for being managed
>> by programmers. He offers the Blowfish encryption method as an example: "I
>> would never, ever allow Blowfish to be implemented in PGP, because it's not
>> as good a design as Twofish; Twofish is superior. PGP 7 implements Two
fish.
>> Yet we see GnuPG implemented Blowfish."
>
>Okay, I just spent 15 minutes searching the web for information on
>vulnerabilities in Blowfish. Didn't find anything. Certainly I could have
>tried harder... but does anyone know of any risks of using Blowfish?
There are none. Blowfish has a very large key setup time, so unless you
cache its internal state, its a poor choice for *certain* apps ---those
where you need to switch contexts frequently. But it
is very strong, because of that key schedule, and its structure.
Twofish has a much faster key setup.
I can't imagine what PKZ what talking about otherwise, and what you've quoted
is intriguing for that reason.
More information about the cypherpunks-legacy
mailing list