Re: Blowfish Sign Extension implementation risk

• Previous message: Tom St Denis: "Re: Blowfish Sign Extension implementation risk"
• In reply to: Tom St Denis: "Re: Blowfish Sign Extension implementation risk"
• Next in thread: William Wallace: "Re: Blowfish Sign Extension implementation risk"
• Reply: William Wallace: "Re: Blowfish Sign Extension implementation risk"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 29 Apr 2004 10:06:41 GMT

Tom St Denis wrote:
> I didn't say you said that. I put that in quotes to capture the essence
> of the thread. That you think XOR is the solution to the problem at
> hand. Then you get all defensive when I suggest that just implementing
> the algorithm correctly in the first place is the better course of action.

I want to add something here I think you overlooked.

In the Blowfish paper he doesn't specify that a key must be loaded by
shifting and OR'ing. He specifies a key is loaded in network byte order
into 18 32-bit variables.

In the relevence of this thread that's a big difference. You're
claiming [from what I gather] that Blowfish wasn't designed robustly
because an implementation is wrong. I'm simply stating that the
implementation is wrong and the design [while terse and lacking test
vectors] is correct.

Tom

• Previous message: Tom St Denis: "Re: Blowfish Sign Extension implementation risk"
• In reply to: Tom St Denis: "Re: Blowfish Sign Extension implementation risk"
• Next in thread: William Wallace: "Re: Blowfish Sign Extension implementation risk"
• Reply: William Wallace: "Re: Blowfish Sign Extension implementation risk"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]