Re: The importance of IVs
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


sci.crypt archive

Re: The importance of IVs

From: Paul Rubin <//phr.cx@NOSPAM.invalid>
Date: Mon Aug 29 2005 - 23:31:51 CEST



"mobius30" <mobius30@hushmail.com> writes:


> >Blowfish wasn't *qualified* for the AES competition; it only had


> >64-bit blocks.


> 


> Agreed.  It didn't meet the entry requirements.  However, what makes an


> algorithm "qualified"? 



AES candidates had to have 128 bit blocks.



> Really though, NSA endorsement aside, what makes AES any more secure


> than Blowfish?



For one thing, its block size is larger.



> Just because Blowfish has 64-bit blocks does not make it any less


> secure than AES. 



The 64 bit blocksize is in fact a security weakness for some types of


use.  



> Is Blowfish the right algorithm for ALL purposes?  Absolutely NOT.



Is it the right algorithm for AS MANY purposes as AES?  Also no.



Are there specific purposes where AES is better than Blowfish?  Yes,


quite a few.



Are there specific purposes where Blowfish is better than AES?  I


won't say "absolutely not", but it would take some head scratching to


come up with some.



I'm not trying to slam Blowfish.  It was a good contribution back in


the DES era but we've had a lot of progress since then.  The new


knowledge lets us do stuff better than we could before.  Let's not


throw away that opportunity.


Received on Thu Sep 29 21:51:34 2005