Re: The importance of IVs
sci.crypt archive

From: mobius30 <mobius30@hushmail.com>
Date: Sun Aug 28 2005 - 17:06:39 CEST

Regis wrote:
>PGP Desktop -- hands down, no contest.

Agreed. I have version 9, Personal Desktop. I keep that copy stored
on my notebook, but only one EULA. I don't want to spend money for 3
more licenses (other computers). I need a good freeware app for simple
symmetric plain-text encryption without having to do it on the
notebook and transfer it through the LAN or via SanDisk. I'm believing
more and more that writing my own app would be the way to go. As for
the swap file, I have 1GB on my main desktop and I still allow a LITTLE
bit of VM. It helps when you are transferring large files or large
groups of files between drives, like backing up files.

>I found a very good starting point for you here:
>http://www.di-mgt.com.au/crypto.html#BlowfishVB

I have seen this reference, schneier.com links to it as well. Problem
is, it's all in VB6. VS2003 doesn't do upgrades very well, though the
guys in Redmond claim it works fine. Maybe VS2005 will do a better job
of upgrading VB6 files to VB.NET (VB7). I guess I could start out with
the above code and try to fix it to my liking. But, maybe it would be
better to start from scratch and make it a long-term project for my
free-time. I'm leaning towards the latter.

>If you're looking at developing something
>crypto-related, you might consider using
>Twofish (Blowfish's bigger, stronger brother).
>Or even still, go with AES (Rijndael).

I haven't looked into Twofish very much, but I will someday.

O.K. (Gets ready to duck...) Time for some rhetoric on AES vs.
Blowfish. I know, the almighty NSA, with its 11-digit budget, has given
AES its "you are cool enough to be in our little club" stamp of
approval. Good enough for government work, right? Yeah, right. So
was DES. (It takes less than a day to crack that now, right?) But as
far as AES goes, I believe (yes, just my lay opinion here) that
14-round AES-256 will be cracked LONG before 16-round Blowfish-448.
Copy and paste here! ;-) Yes, yes. I know. Everyone worships the
almighty AES, and its 128-bit block size intimidates most
cryptanalysts. However, related-key attacks have broken 9-round
AES-256. Now that's a small margin between what has been broken and
where your precious data is stored. I think, someday in the next
decade or two, there will be a breakthrough that will close the gap
between the now compromised 9-round attack and the 14-round spec. Now
you may say, "Who cares. In 10 or 20 years, they will have a new
algorithm that's better than AES and I'll use that instead." O.K. But
why take your chances now? Moore's law MUST be considered here. What
was once considered completely impossible can now be done by a
13-year-old on his daddy's computer. Bottom line, I guess it depends on
how much you trust AES and exactly how valuable your data is to you.

Now for the other side of the argument. Blowfish-448, with its
"out-of-date" 64-bit block size, has NEVER been broken beyond 4 rounds.
Granted, if you are encrypting files larger than a few hundred MB or
so, you could start to see some problems emerging. So, don't put all
your eggs in one basket. Split up your files and use different keys
for each and store them in different locations. RAID configure your
crypto files, so to speak. Oh yeah, and use optical media for your
archiving. Anyway, for the purposes of my personal data storage,
Blowfish-448 will work just fine. And I BELIEVE that it won't be
broken before AES.

An interesting note: the same logic that allows many LINUX users more
security than Windows can be applied here as well. One system may not
be THAT MUCH more secure than the other, but the attackers will always
focus on the most popular and more widely implemented one. Every little
bit helps.

One last thing. Any ideas on a web source that has up-to-date test
vectors for Blowfish? (Correct ones!)
Received on Thu Sep 29 21:51:21 2005
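The "problems emerging" with a 64-bit block on large files are the birthday bound in CBC mode: once two ciphertext blocks collide, XORing the two preceding ciphertext blocks gives the XOR of the two plaintext blocks, with no key recovery needed. The script below is an added example written for this archive page, not code from mobius30's post, from PGP, or from the di-mgt.com.au Blowfish code he mentions. It stands in a toy 16-bit Feistel cipher built on SHA-256 (an assumption: it is a stand-in permutation so the collision appears after a few hundred blocks rather than a few billion, and is not Blowfish or any real cipher), runs it in CBC with a random IV, finds the first ciphertext collision using only what an attacker sees, and checks that the leaked value equals P_i XOR P_j. It also evaluates the birthday formula for real block sizes, so the 64-bit versus 128-bit gap can be put in bytes. All names (`toy_encrypt`, `cbc_collision_leak`, `demo`) and the sample data are constructed for this example.

```python
import hashlib
import math
import random

# Toy block cipher parameters. The block is deliberately tiny (16 bits) so the
# birthday effect that bites a 64-bit cipher at gigabytes shows up after a few
# hundred blocks. ASSUMPTION: this Feistel-on-SHA-256 is only a demo PRP, not Blowfish.
BLOCK_BITS = 16
HALF_BITS = BLOCK_BITS // 2
HALF_MASK = (1 << HALF_BITS) - 1
ROUNDS = 8


def _f(key, rnd, half):
    """Keyed Feistel round function: truncated SHA-256(key || round || half)."""
    d = hashlib.sha256(key + bytes([rnd]) + half.to_bytes(2, "big")).digest()
    return int.from_bytes(d[:2], "big") & HALF_MASK


def toy_encrypt(key, block):
    """Balanced Feistel network over one BLOCK_BITS-bit block."""
    left, right = block >> HALF_BITS, block & HALF_MASK
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(key, rnd, right)
    return (left << HALF_BITS) | right


def toy_decrypt(key, block):
    """Inverse of toy_encrypt: undo the rounds in reverse order."""
    left, right = block >> HALF_BITS, block & HALF_MASK
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(key, rnd, left), left
    return (left << HALF_BITS) | right


def cbc_encrypt(key, iv, blocks):
    """CBC: C_k = E(P_k XOR C_{k-1}), with C_{-1} = IV."""
    out, prev = [], iv
    for p in blocks:
        prev = toy_encrypt(key, p ^ prev)
        out.append(prev)
    return out


def cbc_decrypt(key, iv, blocks):
    out, prev = [], iv
    for c in blocks:
        out.append(toy_decrypt(key, c) ^ prev)
        prev = c
    return out


def cbc_collision_leak(iv, ciphertext):
    """Attacker's view: from IV and ciphertext alone, find the first pair i < j
    with C_i == C_j and return (i, j, C_{i-1} XOR C_{j-1}), which equals
    P_i XOR P_j because E is a permutation. Returns None if no collision."""
    chain = [iv] + ciphertext          # chain[k] is the block XORed into P_k
    seen = {}
    for j, c in enumerate(ciphertext):
        if c in seen:
            i = seen[c]
            return i, j, chain[i] ^ chain[j]
        seen[c] = j
    return None


def birthday_probability(block_bits, n_blocks):
    """P[at least one equal pair] among n_blocks random block values."""
    return 1.0 - math.exp(-n_blocks * (n_blocks - 1) / (2.0 * 2 ** block_bits))


def blocks_for_probability(block_bits, p):
    """Number of blocks at which the collision probability reaches p."""
    return math.sqrt(2.0 * 2 ** block_bits * math.log(1.0 / (1.0 - p)))


def demo(seed=1, n_blocks=2048):
    """Encrypt constructed random data in CBC and recover P_i XOR P_j from a collision."""
    rng = random.Random(seed)                     # constructed sample data
    key = bytes(rng.getrandbits(8) for _ in range(16))
    iv = rng.getrandbits(BLOCK_BITS)
    plaintext = [rng.getrandbits(BLOCK_BITS) for _ in range(n_blocks)]
    ciphertext = cbc_encrypt(key, iv, plaintext)
    hit = cbc_collision_leak(iv, ciphertext)
    if hit is None:
        return None
    i, j, leaked = hit
    return {"i": i, "j": j, "leaked": leaked, "true_xor": plaintext[i] ^ plaintext[j]}


if __name__ == "__main__":
    print(demo())
    for bits in (64, 128):
        n = blocks_for_probability(bits, 0.5)
        print(f"{bits}-bit block: 50% collision at ~2^{math.log2(n):.1f} blocks "
              f"= {n * bits / 8 / 2**30:.1f} GiB")
```

With 2048 random 16-bit blocks a collision is all but certain (expected about 32 of them), and the leaked XOR matches the plaintext XOR every time. Plugging real sizes into `blocks_for_probability` puts the 64-bit block's 50% point near 2^32 blocks, roughly 32 GiB under one key, with about a 1% chance already at a few GiB; a 128-bit block moves the same point out to 2^64 blocks. That is the concrete reason to split large archives across keys, as the post suggests, and why a fresh random IV per file matters in the first place: with a fixed IV the very first blocks of two files leak whether they are equal before any birthday effect is reached.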