
Blowfish still good enough?



From the *I know I'm going to get lambasted* department, a subdivision of
*I'm an idiot,* under the jurisdiction of *now I remember why I unsubscribed
from misc* comes this blather:

I'm not a cryptographer, but strong crypto (or the lack thereof) affects us
all in serious ways. As such, I was pondering whether or not it would be in
the interests of OpenBSD to use a different standard than Blowfish--Twofish
and Rijndael.

There was a time when everyone thought DES was perfectly good encryption.
Then weaknesses were discovered in it. People still clung to DES even when the
weaknesses could be proved on paper. It took the EFF's DeepCrack, the DESCHALL
project, and then the former along with distributed.net's cracking of DES keys
to strike the final blow.

No known weaknesses exist in Blowfish, but that 64-bit block scares me.

It can't hurt to err on the side of caution. Thus, it would be a good idea to
consider using one of the 2nd round NIST finalists for the crypto in the base
system. Rijndael and Twofish seem to be the best candidates, due to their
efficiency (see http://www.schneier.com/paper-aes-comparison.html ) and
non-radical nature (Twofish in particular). Plus, they have been thoroughly
scrutinized and are unencumbered.

The key schedule in both is _much_ faster than Blowfish. The password file and
others would require the use of salts in order to resist dictionary attacks,
especially of the time-space trade-off variety.

Bruce Schneier designed Blowfish; he also was one of the men behind
Twofish--which was designed to kick some butt in the AES competition. Besides,
if we use Twofish, we won't have to worry about getting a new mascot. We'll
just need an additional one.

Please, tell me I'm an idiot and Blowfish is the best choice for crypto. Then
I won't worry anymore.
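
An added example, not part of the original post: a small password-store audit showing why the salts mentioned above matter against a precomputed (time-space trade-off) dictionary table. SHA-256 is used here only as a stand-in for a hash with a cheap setup cost, and the wordlist, user names and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist and two users sharing one password.
WORDLIST = ["letmein", "puffy", "blowfish", "hunter2"]
USERS = {"alice": "puffy", "bob": "puffy"}

def fast_hash(password: str, salt: bytes = b"") -> bytes:
    # Assumption: SHA-256 stands in for any password function that is cheap
    # to set up; it is not a cipher key schedule.
    return hashlib.sha256(salt + password.encode()).digest()

def build_table(words, salt: bytes = b""):
    # The "space" half of the trade-off: hash each candidate once, keep the map.
    return {fast_hash(w, salt): w for w in words}

def store_unsalted(users):
    return {u: fast_hash(p) for u, p in users.items()}

def store_salted(users, salt_len: int = 16):
    records = {}
    for user, password in users.items():
        salt = os.urandom(salt_len)  # fresh random salt per account
        records[user] = (salt, fast_hash(password, salt))
    return records

def verify(records, user: str, password: str) -> bool:
    salt, stored = records[user]
    return hmac.compare_digest(stored, fast_hash(password, salt))

def audit():
    table = build_table(WORDLIST)  # one table, built without any salt
    unsalted = store_unsalted(USERS)
    salted = store_salted(USERS)
    return {
        # Unsalted: a single lookup per record recovers every weak password.
        "unsalted_hits": {u: table[h] for u, h in unsalted.items() if h in table},
        # Salted: the same table matches nothing.
        "salted_hits": {u: table[h] for u, (_, h) in salted.items() if h in table},
        # Unsalted records also reveal which accounts share a password.
        "identical_unsalted": unsalted["alice"] == unsalted["bob"],
        "identical_salted": salted["alice"][1] == salted["bob"][1],
        # A separate table would be needed for each distinct salt.
        "tables_needed": len({salt for salt, _ in salted.values()}),
    }

if __name__ == "__main__":
    print(audit())
```

The salt only stops one table from being reused across accounts; the cost of each individual guess is still set by how expensive the hash is to set up, which is where key schedule speed comes in.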


