[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Blowfish still good enough?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Blowfish still good enough?
- From: Joachim Schipper <j_(_dot_)_schipper_(_at_)_math_(_dot_)_uu_(_dot_)_nl>
- Date: Fri, 30 Dec 2005 16:02:19 +0100
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
On Thu, Dec 29, 2005 at 02:16:21PM -0600, Travers Buda wrote:
> I'm not a cryptographer, but strong crypto (or the lack thereof) affects us
> all in serious ways. As such, I was pondering whether or not it would be in
> the interests of OpenBSD to use a different standard than blowfish--Twofish
> and Rijndael.
> No known weaknesses exist in Blowfish, but that 64 bit block scares me.
> It can't hurt to err on the side of caution. Thus, it would be a good idea to
> consider using (...) Rijndael (or) Twofish.
> Bruce Schneier designed Blowfish, he also was one of the men behind
> Twofish--which was designed to kick some butt in the AES competition. Besides,
> if we use Twofish, we won't have to worry about getting a new mascot. We'll
> just need an additional one.
Looks like it ain't broke to me. Both MD5 and SHA-1 are beginning to
show their age, and there exist attacks that would, in some
circumstances, allow your TLA of choice to circumvent the protection
they should offer (most likely by faking signatures). In most instances
they are still perfectly acceptable ciphers, but I can see how one would
want to keep away from them.
I know that I've switched to something different for the few cases where
I make a GnuPG signature, take out MD5 if at all feasible, and try to
replace SHA-1 where this isn't too inconvenient.
On the other hand, I've not heard of any feasible attacks on Blowfish.
Which is not to say that Twofish might not be better, but it ain't
broke. Neither are MD5 or SHA-1, by the way.
All in all, I can think of better things to do...